Our smart devices are collecting data about our personal lives. But does it doesn’t have to be this way.
The use of smart devices in the home is rapidly expanding. In many households, digital assistants like Alexa and Siri are a staple, helping us remotely adjust our blinds, set an ambient mood with lights and music, and add items to our shopping list.
But are we being too trusting of our smart assistants when, by inviting them into our most intimate spaces, we allow them to collect data about our private lives?
Dr Ian Warren, Dr Monique Mann and Dr Diarmaid Harkin – criminology researchers from Deakin University – think so. The trio recently published ‘Enhancing Consumer Awareness of Privacy and the Internet of Things’, their report for the Australian Communications Consumer Action Network.
The report explores how Australians use Internet of Things (IoT) products – or devices connected to the internet – as well as how knowledgeable we are about their potential risks to our privacy, and the policy and regulatory challenges that have emerged from their widespread use.
We sat down with Dr Ian Warren to talk about protecting our privacy – and how achievable that really is in today’s digital climate.
#DeleteDataApathy
As people who use IoT products, we can be very apathetic about how our data is collected, stored, and sold. Many of us have resigned ourselves to the trade-off that, in order to enjoy the convenience of these devices, we must sacrifice the right to our complete digital privacy.
Think of the Facebook–Cambridge Analytica data scandal; in 2018, it was revealed that personal data from millions of Facebook users was collected without their consent and used for political advertising. But despite the uproar and the #DeleteFacebook movement, how many of us actually ended our relationship with the social media giant?
Dr Warren argues that we should care more about our digital privacy, not least because the data being collected about us is getting increasingly personal.
“One of the reasons our research team wanted to look at the Internet of Things is because these technologies collect data about our habits and interactions with the devices,” he says.
This is different to the kinds of data we usually associate with privacy law, like names, addresses, political preferences and financial details. What’s valuable now is information that paints a more intimate portrait of who we are as people.
“Our data increasingly involves more personal and intimate details about our day-to-day lives and behaviours,” Dr Warren says. “Understanding why our data is needed by governments or private companies, how it’s collected, and what happens once it’s collected is important for all of us to know.”
Is being mined for data our burden to bear?
So, how do we change this? Does the responsibility lie with we consumers to better educate ourselves about how our data is being collected and used?
Dr Warren says there are practical steps we can take – but they won’t fix all our problems.
For instance, you could look at countries with a stronger regulation of IoT products, such as those in the European Union, to find out which devices are less privacy-invasive. But these products aren’t always accessible in Australia.
Or if you’re tech-savvy, you could try reconfiguring your smart device’s routers, or find other interventions to minimise how often you can be exposed and tracked. But this doesn’t completely solve the problem either.
So for the average consumer, it can be difficult to take any kind of meaningful action; you can read a smart device’s privacy policy booklet from cover to cover and still be none the wiser.
“The terms of service agreements by technology companies are often very complex,” Dr Warren says. “It’s important for consumers to be aware that many forms of personal data are collected and justified for various purposes, but this is often communicated in complex and legalistic ways.”
Currently, the consumer is expected to understand the risks around their personal data being collected, with the implication that they consent to these risks by using the smart product.
“But our research views this as an unreasonable burden on the average consumer,” Dr Warren says.
“At the moment, it’s safe to say that more of our data is being collected and stored than we realise. If we question why this is necessary, we can begin to work towards a better approach that places more responsibility on technology companies and governments to place greater limits on these data collection practices.”
Enshrining our privacy in law
Dr Warren says there’s nowhere near enough emphasis on protecting consumers when we use IoT products. Our only real options are to accept that our privacy is at risk, or to find another product.
But when many smart devices have this same issue, it doesn’t feel like you have much of a choice. If we want to see positive change, we need law reform.
Here’s a possible solution: Dr Warren suggests that organisations should be legally obliged to explain to consumers – in simple terms – what kind of information they collect, how they collect it, and how long it’s stored for.
He also says there need to be restrictions on what is considered reasonable data that can be collected, and how it can ethically be used.
“At the moment, the consumer bears all of the legal burden and the law doesn’t do much to control the amount or types of data collected, or the duration of its storage,” he says.
“More emphasis on these issues is clearly needed to enhance consumer protection.”
Dr Ian Warren is a Senior Lecturer in Criminology at Deakin University.