Connected devices - MPs call for standardized privacy interfaces and warn of tech abuse

Connected devices have become a core feature of many of our lives. From smartwatches, to connected speakers, to wearable fitness trackers - government figures show that there are on average nine of these types of connected devices in every household in the UK. By 2050 there is expected to be 24 billion interconnected devices worldwide. 

These devices use a variety of technologies, including sensors, cloud platforms, cloud infrastructure, software, and wireless connectivity - and it’s often the data produced by these tools that is of particular interest to the user. However, these devices also pose a variety of risks and threats to data privacy and personal security, which is the key topic of concern in a report released this week by MPs on the Culture, Media and Sport Select Committee. 

MPs took evidence over a number of months, assessing the role the potential benefits and harms of connected devices, and found that more could be done to protect users as it relates to data privacy features. More worryingly, the Committee found that these devices are increasingly being used in cases of domestic abuse and that the criminal justice response to this development is lacking. 

The Committee said that whilst these devices can deliver fundamental benefits that include efficiency, safety, security, entertainment and environmental improvements, it shouldn’t be ignored that they pose a range of other risks that include a loss of privacy, operational unpredictability and unfairness, and online safety concerns. 

The report is urging the government and the Information Commissioner’s Office to address these issues by empowering users, and in particular children, to exercise their rights over their personal data through better and more intuitive product design, clear terms and conditions and digital literacy schemes. 

And on the issue of technology’s role in domestic abuse, the Committee has said that the government could take steps to tackle it by improving the criminal justice response, raising public awareness and convening industry to ensure manufacturers and distributors are mitigating risks through product design. 

Dame Caroline Dinenage MP, Chair of the CMS Committee, said:

While the rising popularity of connected technology has brought undoubted benefits to everyday life, the flip side is the real risk some of these gadgets pose to privacy and personal safety online. In particular, the surge in use of devices such as smart home security systems, baby monitors, cameras and smart speakers to monitor, harass, coerce and control victims of domestic abuse is truly chilling. 

The Government must make it a priority to work with manufacturers to tackle this technology-facilitated abuse, which is only going to get worse in the future. The police and criminal justice system must be better equipped to deal with it, while victims should be properly supported. 

Connected devices also harvest a large amount of personal data and there are particular concerns where children are involved. The Government and Information Commissioner’s Office should make sure products used in schools and by young people at home have privacy settings that are intuitive for children and age-appropriate terms and conditions.

Recommendations

On the issue of tech abuse, the Committee heard how perpetrators ofte purchase, set up and manage connected devices to monitor their victims, as well as force victims and survivors to divulge passwords to their accounts to establish coercion and control. Surveillance apps are becoming increasingly common and devices are used to coerce and control victims, even when the perpetrator isn’t present - by listening in and collecting recorded conversations, as well as monitoring location data. Devices have also been gifted to children in an attempt to monitor and control ex-partners that have left a relationship, and the Committee heard how some products are designed and promoted for the specific purpose of stalking, but are masquerading as home tech products. 

To counter this, the Committee recommends: 

• The Government should make tackling technology-facilitated abuse, or "tech abuse", a priority. The Government's response to tech abuse should involve upskilling law enforcement to improve the criminal justice response and increasing law enforcement's and victims' and survivors' awareness of specialist services tackling violence against women and girls.

• The Office for Product Safety and Standards should convene a ‘tech abuse working group’ to bring the industry together to tackle tech abuse.

On the issue of ‘datafication’ of peoples homes and lives, through the use of connected devices, and concerns raised about data privacy and security, the Committee is recommending that: 

• Users must be given clear information about, and a fair chance to understand, the basis on which their data is used and how to exercise their rights. The Government should introduce measures to standardize privacy interfaces for connected devices. Privacy interfaces should be appropriately accessible, intuitive and flexible enough so users of a reasonable level of digital literacy and privacy expectations can use them, without requiring them to go through complex dashboards with long lists of terms and conditions and settings.

• The Committee says that use of connected tech in schools and by children in homes raises concerns, including the harvesting and third-party use of children’s data and their lack of control over what technology is used and when. The report argues that the Information Commissioner’s Office needs to be more proactive and ensure that all products include age-appropriate terms and conditions.

• The monitoring of employees in smart workplaces should be done only with the consent of those being monitored. The Information Commissioner's Office should develop its existing draft guidance on “Employment practices: monitoring at work” into a principles-based code for designers and operators of workplace connected tech.

My take

Connected devices can be incredibly useful, but their presence can also quickly proliferate and there is certainly an aspect of creeping data collection. And given the nature of these devices, which are usually made up of a number of components, coupled with the fact that they can be used not as intended, tackling concerns from one angle is unlikely. What’s required is an uplift in skills and awareness, as well as a hardened approach to regulation that protects users. Overall a very sensible set of recommendations from the Committee.