Transparency in the consumer
Internet of Things
DATA FLOWS AND DATA RIGHTS
Smart devices, such as speakers with voice assistants, home security systems, fitness trackers and other wearables increasingly feature in everyday life. These so-called consumer Internet of Things (IoT) products can generate and collect vast amounts of data about ourselves, our actions and our behaviours; though often there is little known about this data and how it is used.
Towards this, we explored the potential for transparency mechanisms for building an understanding of the data processing practices of IoT product vendors.
Specifically, we obtained 43 IoT products and set up a monitoring infrastructure to capture data flows from the products over the Internet as they were being used. We analysed the volumes, frequencies, and destinations of these data flows, and then used our data rights to probe the vendors what data was collected, why, with whom it is shared, and so on.
We found that IoT vendors generally provide little transparency and are often not forthcoming about what happens with people’s data. Given that consumer IoT devices will likely be used in personal and intimate settings, such as in our homes or worn on our bodies, this opacity in data processing practices raises real concerns.
Report authors: Anna Ida Hudig (lead researcher), Chris Norval, Jatinder Singh. Compliant and Accountable Systems Group, Department of Computer Science and Technology, University of Cambridge.
Contributors: Reuben Binns (University of Oxford), Richard Cloete (Harvard University), Hamed Haddadi (Imperial College London), Anna Maria Mandalari (University College London).
This report presents independent research funded by a privacy innovation research grant from the Information Commissioner’s Office (ICO).