Public Services > Central Government

ICO commits to privacy crackdown on IoT devices

Neil Merrett Published 27 September 2016

UK data regulator committed to ensuring potential benefits of technologies like smart meters will not compromise privacy regulations on back of global study of 300 devices


The potential for Internet of Things (IoT) technology to improve the health and lifestyle of UK citizens must not come at the expense of privacy, the Information Commissioner’s Office (ICO) has said as it looks to ensure better compliance with data protection regulations from device suppliers.

Amidst public and private sector work looking at better exploiting IoT technologies to provide more innovative services and information, the UK data regulator’s enforcement head, Steve Eckersley, said the organisation would be working with industry on ensuring privacy is not breached.

 “Companies making these devices need to be clear how they’re protecting customers.  We would encourage companies to properly consider the privacy impact on individuals before they go to market with their product and services. If consumers are nervous that devices aren’t using their data safely and sensibly, then they won’t use them,” he said.

The comments follow the publication of new findings undertaken by 25 data protection regulators from around the world that studied how devices such as smart electricity meters, health monitor wearable devices and internet-linked thermostats use personal data.

According to a report by the Global Privacy Enforcement Network (GPE), which the ICO is a member of, 300 devices were looked at with regard to meeting key confidentiality and privacy factors.

Of these devices, six out of ten were found to have not been clear with users about how their personal data is being used.

The ICO said key findings from the report found that 72% of devices did not explain how a user could delete information from them, with 68% of the same technology not explaining clearly how data they carried was stored.

Particular concern was also noted around medical devices that sent confidential data to the relevant GPs via unencrypted e-mail.

“Authorities will now consider action against any devices or services thought to have been breaking data protection laws,” said the ICO on the back of the findings.

With analyst Machina Research recently estimating that the UK marketplace for IoT is currently valued at around £13.3bn - a figure that could rise by around 50% over the next two years - the government has itself begun to consider possible implications of the technology via a national smart meter roll out.

Intended to launch in August, the Department for Business, Energy & Industrial Strategy (BEIS) hopes to implement infrastructure that will underpin a UK smart energy meter roll out from this month after opting to undertake further testing.

It is understood that the programme, which aims to support the implementation of 50m devices to measure gas and electricity at homes and smaller non-domestic business sites across Britain by 2020, will be unaffected by the latest delays.

Related articles:

Digital Catapult targets IoT shake up with London network launch

Government confirms smart meter network launch delay

Survey indicates Whitehall's data sharing progress

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.