There’s no getting away from it, many smart devices are pretty cool. A smart TV for instance, hooks up to the internet and gives you big screen access to some really interesting content –depending on your interests of course.

Most smart TVs provide web browsing and even games and you don’t have to connect to a TV antenna or subscribe to a cable/satellite service.

With Christmas just around the corner there’s going to be an onslaught of smart devices on sale whether it’s TVs, Amazon Echo smart speakers, internet connected toasters and a whole range of other gizmos.

But did you know that many of these smart devices suck up data like hoovers vacuum up dust?

The big picture

We don’t want to put you off buying one of these cool gadgets but in the interest of fairness it’s important we all understand the big picture.

Earlier this year US technology journalist Kashmir Hill turned her one-bedroom apartment into a ‘smart home’ and for two months she measured how much data was being collected by the firms that made the devices.

She gave a TED talk on what she discovered. You can watch it here.

Here are some of the highlights:
  • Her smart toothbrush betrayed when she had not brushed her teeth
  • The Amazon Echo talked to Amazon servers every three minutes
  • The smart TV was sending information about every show she watched on Hulu (a movie and show streaming service) which was in turn shared with data brokers.
  • A smart coffee maker made horrible coffee and sent data to a server

In short, she was giving away a lot of information that she wouldn’t normally have known about.

But perhaps more worrying than the data she could track was the vast amount of data she couldn’t track.
“With the other data I don't know ultimately where it was shared," she said.

Hill concluded that: “It was like living in a "commercial, surveillance state" with "not a single hour of digital silence".

That said, she’s not abandoning some smart devices, she’s keeping the TV and Amazon Echo even though she feels uncomfortable with the privacy intrusions.

Railroad through privacy

Many smart device manufacturers don’t even give a nod to privacy intrusions:
  • Smart TV manufacturer Vizio installed software on 11 million of its smart TVs to collect viewing data, without informing customers or seeking their consent. It also gathered each household's IP address, nearby Wi-Fi access points and postcode, and shared that information with other companies to target advertisements at Vizio TV owners. 
  • Standard Innovation's We-Vibe smart vibrators transmitted user data, including heat level and vibration intensity, to the company in real time.

Saved by the GDPR bell

The introduction of the General Data Protection Regulation (GDPR) in Europe promises consumers far greater control over their data.

In practice this means smart device manufacturers have to inform users about data collection and also gain their consent.

Good questions to ask

If you’re planning to buy a smart device the following points are worth considering. You might even want to ask the salesperson but don’t be surprised if they are floored by your questions.
  • What data is collected and shared by the device? 
An IoT device should only ask for the data that’s necessary and relevant to the service. A fitness tracker, for example, might collect data on the number of steps you take, but think twice if it logs location data too. 
  • Can you access the data that is collected? 
Can you access the data a device collects? Can you delete or correct inaccurate information, which could be used to make credit, insurance, and other decisions about you. 
  • How long is data retained? 
Some connected devices adopt the principle of data minimisation using only as much data as is necessary to ensure the functionality of their products or services. Companies really shouldn’t be retaining data for any longer than needed to provide you with the service. 
  • Can you opt out? 
Beware of companies and services that don’t offer you data collection opt-outs or ask for your permission to collect additional data. In the settings for the device or service, be careful not to bypass opt-outs or grant unnecessary permissions.