The ICO exists to empower you through information.

‘Be smarter than your smart tech’ – ICO issues top tips for consumers buying smart devices on Black Friday

Share
Date
15 November 2023
Type
News

The Information Commissioner’s Office (ICO) has shared its top tips to support consumers shopping smart tech this Black Friday.

Smart tech is expected to be a popular category again this year, with Brits primed to bag themselves a bargain in the annual sales event.

From speakers answering your every question to doorbells that let you know about (un)welcome visitors in real time, the benefits of these devices are obvious. However, the risks to your personal data are often less clear.

Research shows that over half of Brits (52%) feel like they do not know how their personal data is being collected and used 1. This is particularly concerning when it comes to smart devices, which slide seamlessly into our everyday lives and continuously collect information in the background.

John Edwards, UK Information Commissioner said:

“We know that consumers want to enjoy the benefits of smart devices but that they also value their privacy in an increasingly connected world. They shouldn’t have to choose between the two. These tips from our tech experts will help consumers to make informed purchases and have more control over how their personal data is being used.”

The ICO is currently researching smart tech to identify any privacy-unfriendly practices, which will be addressed in its upcoming guidance next year.

Rocio Concha, Which? Director of Policy and Advocacy said:

“Which? is warning consumers to be wary when shopping for connected tech products this Black Friday. Make sure you have researched the product you’re thinking of buying, steer clear of any that have concerning security flaws and check to see how you can control the data the device is able to access or collect.

“Our recent investigation found smart tech firms are collecting more data than they need and burying this important information in lengthy terms and conditions 2. It's positive that the ICO is looking at updating its guidelines on smart tech privacy and vital that this leads to better protection for consumers against accidentally giving up huge swathes of their own data without realising.”

Top tips from the ICO

Before you buy:

  • Think before you click: Buying a smart device should be a considered decision and we recommend taking the time to do your research. Read some reviews and familiarise yourself with the privacy options on offer. You might discover a feature that makes a certain device more appealing, such as a physical switch to stop your smart speaker gathering voice data when you don’t want it to.
  • Preparation is key. As seasoned shoppers will know, the key to a successful Black Friday is in the preparation. Before adding your chosen device to your basket, you should look at how it plans to use your data. Privacy policies can be daunting, but skimming the section on data collection should give you all the information you need. You can also review permissions in the app store to check if you’re comfortable with the data that your device will want to access.

Once it’s arrived:

  • Don’t switch off during setup. Make sure to pay attention during the setup of your new device and consider requests for data sharing carefully – did you know that some of the data sharing is not necessary for your product to work? Use the privacy controls and app permissions to manage access to your personal information, such as your location.
  • Keep the updates rolling. You can usually enable regular updates of your device during setup. When downloading an app, check when the developer last updated it in the app store. If it was a while ago, this could be a sign that the company hasn’t kept on top of their security.
  • ‘Password123’ is not a password. Sticking with a default or easily guessable password is like leaving your front door open. To reduce the risk of your device being hacked, use three random, memorable words.
  • Be picky about who gets your data. Some smart devices offer data sharing with other services as a gateway to unlocking more features. For example, some fitness trackers can ask to share your health data with other apps. You should only consent to companies you know and trust.
  • Intrusive ads can be avoided. You may want to keep some interactions with your smart device to yourself. For example, you may not want to be targeted with ads after asking your smart assistant to add a pregnancy test to your cart. Many Brits (57%) are concerned that smart speakers will gather personal information that could be shared with third parties 3. Luckily, you can choose to limit your data being shared for advertising purposes in the privacy settings on your phone.

When it’s time to move on, break up properly:

  • Many consumers see Black Friday as an opportunity to upgrade their tech. Before saying goodbye to your previous device, you can request for your data to be deleted via the settings, or by contacting the company. Remember that simply deleting an app will not usually erase your data.

The regulator has already tested various smart devices to better understand how they interact with their users when it comes to sharing data. In the upcoming months, the ICO will also be speaking to some of the biggest tech brands to understand the protections they are putting in place for consumers.

To make sure that the guidance focuses on the most pressing privacy concerns, the ICO will be conducting a citizen jury next year, asking a group of people for their views on smart tech and how they think their data is being used.

If you have bought a smart product and still have concerns about how your data is being used, you can complain to the ICO.

Notes to editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.

1 Public attitudes to data and AI: Tracker survey - GOV.UK (www.gov.uk)

2 Spies in your home: Which? warns of security camera that sends data to TikTok and washing machines that demand to know your age  

3 Ada-Lovelace-Institute-The-Alan-Turing-Institute-How-do-people-feel-about-AI.pdf (adalovelaceinstitute.org)