Holiday gifts are getting smarter, and your data is at risk

Your partner’s new treadmill looks great – with a helpful smart screen customized to their needs, collecting their daily workouts with reminders, and connected straight to their smart phone’s app – the perfect Christmas gift! But where is that personal information going and how is it being used? Demand for tech-infused gadgets is growing – and raising privacy alarms. Smart devices collecting personal information are everywhere in homes world-wide: Smart home devices, games and entertainment, wearable devices, health and exercise equipment, pet devices, video call devices/apps, and even your children’s animatronic toy.

Privacy among Internet of Things (IoT) devices, also called smart devices, in the tech savvy age has become a major concern for consumers and regulators. This is primarily due to their prevalence and overcollection of personal data.

Some major concerns include:

• Personal Information sold, shared, and/or used for marketing without proper consent. For example, in a statement by treadmill manufacturer NordicTrack, “By creating an account with us, you agree that we may contact you for marketing and transactional purposes by phone, e-mail, mail, or text message, even if your number is on a do-not-call list or is a wireless number.” Users can’t opt out and they’re only presented with these facts if they seek out the privacy policy. (see Clarip Consent Management)
• Rudimentary and unclear security settings. Smart devices are sometimes referred to as “smart spies” because they can record and transfer personal information. Hackers use technical flaws to install spyware and collect sensitive personal information. Smaller companies often don’t have the resources to prioritize the privacy and security of their products, Like pet GPS company Mars, Incorporated. In Mozilla’s “Privacy not Included” research, Mars’s Whistle switch collar seems to collect a good bit of information on their users, both human and canine, as far as we can tell. The privacy policy only mentions that it covers the website and apps but makes no mention of GPS devices. (see Clarip Clarip Preference Management)
• High connectivity to GPS, cellular, Wi-Fi, Bluetooth, and other networks. Mars’s Whistle switch collar, for better tracking for a possibly lost dog, this device uses all the tracking and connection tech. That’s a lot of connectivity! Apple Airtags and Tile have huge community and network making your lost items visible within the app, and Samsung’s Galaxy SmartTag’s is smaller but quickly growing. (see Clarip Automated Data Mapping)

The booming smart toy market

Children’s fuzzy friends and cool robot toys are now connected as well! That means their privacy is compromised. Amazon’s Alexa connected “Fuzzible Friends” starts up by simply saying “Hey, Alexa, let’s play Fuzzible Friends!” The stuffed toy itself doesn’t have a microphone built in, which is good. Still, Amazon’s Alexa and a company called Creativity Incorporated that developed Fuzzible’s Alexa Skill will be listening to your child play. In their privacy policy they say they can receive personal data based on the parental consent granted to Amazon.

Coding robots for kids are cool. Tech company UbTech offers codable robots in many shapes, FireBot dragon kit, Overdrive BuilderBots, and even a UnicornBot. These robots allow techy kids to code robots that can walk, detect obstacles with IR and Sonar, cameras and preform rudimentary tasks. The app accesses camera, microphone, location tracking on your phone. However, the privacy policy provided by UbTech is vague at best. They say, “Generally, we will only use your personal information we collect for the purposes described in this Privacy Notice, or for the purposes we explain to you when collecting your personal information. However, if permitted by applicable local data protection laws, we may also use your personal information for purposes other than those we have explained to you (such as for public benefit, for scientific or historical research, or statistics purposes).”

Conclusion: Better privacy policies and transparency

The takeaway of this article, consumers are purchasing more connected devices, and they’re more concerned about how data is being used than ever. Clear, accurate, easy-to-read and easy-to-find privacy policies are required by privacy regulations. Offer a method to opt-out of the collection and access of personal information, and a method to request deletion of personal information already collected. Automated data mapping and categorization, such as Clarip’s data mapping software tools, improves understanding of what data is being collected and transferred internally and externally from an organization’s websites and databases.

At Clarip, we are committed to providing businesses with privacy compliance solutions.  We help companies stay compliant with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Lei Geral de Protecao de Dados Pessoais (LGPD), and other data privacy laws.  We specialize in automated data mapping, fully-automated end-to-end data subject request fulfillment, data risk intelligence scanning, and vendor and consent management.  Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more today!