The Office of the Australian Information Commissioner (OAIC) has found that 71 percent of Internet of Things (IoT) devices and services used by Australians failed to adequately explain how personal information was collected, used, and disclosed.
According to Australian Privacy Commissioner Timothy Pilgrim, the seamless nature of how IoT devices collect, store, and share user information means that customers are not always fully aware of the privacy risks.
“The Internet of Things allows for some great products and entertainment, but many of us have adopted this technology into our everyday lives without considering how much of our personal information is being captured or what happens to that information,” he said.
“Remember, for an Internet of Things device to work for you it needs to know about you, so you should know what information is being collected and where it is going.”
OAIC conducted the review from April 11-15 this year, in unison with fellow international regulators through the Global Privacy Enforcement Network (GPEN), which comprises 25 participating data protection authorities.
When it comes to the collection, use, and disclosure of data, the OAIC also revealed in its sweep that 27 percent of businesses did not indicate whether personal information would be shared with third parties.
The OAIC found that some organisations did not make it clear what information would be collected, reporting it was unclear whether a username, address, phone number, date of birth, phone, or browsing history was stored by over a third of the businesses whose privacy communications were looked into.
Over 50 percent of devices reviewed by the consortium collected a user’s date of birth, location, address, phone number, or a unique device identifier, with over 80 percent collecting a user’s name and/or email.