GATINEAU – The privacy safeguards of Internet-connected devices are not only poor, they also do not inform users about exactly what personal information is being collected and how it will be used, according to an international internet privacy sweep.
The fourth annual Global Privacy Enforcement Network privacy sweep took place April 11 – 15, 2016 involving a number of data protection authorities from around the world, including the Office of the Privacy Commissioner of Canada (OPC). Privacy enforcement authorities looked at the privacy communications and practices of 314 Internet connected devices, focusing largely on how organizations communicate their personal information handling practices. The OPC's sweepers assessed 21 health and wellness devices considered to be popular among Canadians, including fitness trackers, smart watches, smart scales, blood pressure monitors and other Internet connected devices capable of tracking everything from sleep habits to an individual’s blood-alcohol level.
According to the results, many companies neglect to explain how information is stored and safeguarded or how a user can delete their personal information. While a number of the swept devices collect sensitive data, including health and financial information, their privacy communications tended to be generic.
"Overall there was significant room for improvement with respect to the privacy communications of the Internet-connected devices swept," said Commissioner Daniel Therrien in a statement Thursday. "With the proliferation of the Internet of Things, the activities, movements, behaviours and preferences of individuals are being measured, recorded and analyzed on an increasingly regular basis. As this technology expands, it is imperative that companies do a better job of explaining their personal information handling practices."
The goal of the international sweep was to increase public and business awareness of privacy rights, responsibilities and best practices; encourage compliance with privacy legislation; and to enhance cooperation among privacy enforcement authorities.
