71 percent of Australian-used IoT devices failed privacy probe

71 percent of devices and services used by Australians did not provide a privacy policy nor a notice explaining how personal information is collected, used, and stored.
Written by Asha Barbaschow, Contributor

The Office of the Australian Information Commissioner (OAIC) has found that 71 percent of Internet of Things (IoT) devices and services used by Australians failed to adequately explain how personal information was collected, used, and disclosed.

According to Australian Privacy Commissioner Timothy Pilgrim, the seamless nature of how IoT devices collect, store, and share user information means that customers are not always fully aware of the privacy risks.

"The Internet of Things allows for some great products and entertainment, but many of us have adopted this technology into our everyday lives without considering how much of our personal information is being captured or what happens to that information," he said.

"Remember, for an Internet of Things device to work for you it needs to know about you, so you should know what information is being collected and where it is going."

OAIC conducted the review from April 11-15 this year, in unison with fellow international regulators through the Global Privacy Enforcement Network (GPEN), which comprises 25 participating data protection authorities.

When it comes to the collection, use, and disclosure of data, the OAIC also revealed in its sweep that 27 percent of businesses did not indicate whether personal information would be shared with third parties.

The OAIC found that some organisations did not make it clear what information would be collected, reporting it was unclear whether a username, address, phone number, date of birth, phone, or browsing history was stored by over a third of the businesses whose privacy communications were looked into.

The global sweep examined 314 devices/businesses.

Over 50 percent of devices reviewed by the consortium collected a user's date of birth, location, address, phone number, or a unique device identifier, with over 80 percent collecting a user's name and/or email.

Overall, the global sweep found that about 72 percent of businesses did not clearly explain how a user could delete their personal data from the device or app, with 38 percent of devices also failing to provide easily identifiable contact details that customers could use if they had privacy concerns.

When it comes to the storage of data on a global scale, 68 percent of devices did not adequately explain to customers how information collected by their device is stored; 68 percent of companies were also unclear on whether data was stored in an encrypted form; and 49 percent of devices were felt to not adequately inform users of data protection safeguards.

Pilgrim said that the majority of the businesses reviewed in the sweep could benefit from better explaining their information-handling practices to customers.

"This year's GPEN sweep has reinforced how important it is for businesses, particularly startups, to implement a 'privacy-by-design' approach, where strong privacy frameworks and communications are implemented from the beginning," the commissioner added.

"Strong privacy protections and clear explanations for how personal information is managed helps build consumer trust. It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong."

Telstra's former CTO Vish Nandlall said previously that Australians are networking their homes at twice the rate of Americans and are eager adopters of the IoT, with US homes having an average of four devices connected to the internet in 2014, a rate well below its tech-hungry Australian counterparts.

By the end of 2016 some 6.4 billion "things" -- devices from toasters and kettles to cars and hospital equipment -- will be connected to the internet, according to analyst firm Gartner.

That figure represents a 30 percent rise from 2015 and Gartner expects this figure will grow further to reach 20.8 billion by 2020.

By this year, as many as 5.5 million new things will become connected every day and as a result, the growing IoT will support total services spending of $235 billion in 2016, up 22 percent from 2015, the analyst predicted.

Editorial standards