A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 17 May 2016
The Global Privacy Enforcement Network ("GPEN"), the informal network of Data Protection Authorities which looks at transnational privacy and data security issues, has announced that the Internet of Things ("IoT") will be the focus of its annual "privacy sweep", which has taken place during April. This follows previous "sweeps" reporting on online services for children, website privacy policies and mobile phone apps.
IoT has been spoken of for some time, but the move towards it is gaining momentum. Put simply, it describes the ability of every day physical objects to connect and interact with each other through the use of smart technology, such as sensors and chips, embedded in the items. This allows objects to store data and communicate in real time over the internet. This has been seen in the insurance industry with the introduction of technology such as telematics boxes and fitness trackers.
The "sweep" has been coordinated by GPEN, with different Data Protection Authorities focussing on different areas. The various authorities have adopted a range of approaches; some purchasing products and assess privacy communications right out of the box, with others focussing on the website privacy notices and contacting the data controllers directly with specific questions.
The Office of the Privacy Commissioner of Canada is has focused on health devices. “Connected devices, such as fitness trackers, smart scales, sleep monitors and other health related products, are capable of capturing some of our most intimate data,” Canada's Commissioner Daniel Therrien said in a press release issued by the Office of the Privacy Commissioner of Canada.
Both the French (link in French) and Italian (link in Italian) Data Protection Authorities are looking at IoT devices used in the home, such as connected cameras, scales, blood pressure monitors, fitness trackers. The CNIL (the French Data Protection Authority) has said that it is looking at the quality and transparency of information provided to individuals, the security of devices, and the degree of user control. The Italian Data Protection Authority will look at companies’ transparency in the use of personal data and their compliance with data protection rules.
Other Data Protection Authorities are focussing simply on privacy notices. The Belgium Data Protection Authority is looking at smart metering systems, and the Gibraltan Data Protection Authority at smart electricity meters, internet-connected thermostats and watches that monitor health.
In Ireland, the review will involve an in-depth look at IoT devices available to users in this jurisdiction in Ireland, such as smart electricity meters, fitness trackers and telematics, and the Irish Data Protection Authority will be reviewing how well companies communicate privacy matters to their customers.
At the date of publication, the UK ICO has not revealed what its focus will be.
The combined results of the privacy sweep will be published in September. In the meantime, Data Protection Authorities will contact companies covered by the sweep, as and when concerns arise.
In anticipations of the results being published, insurers should be aware that there is also the risk that companies insured may face enforcement action as a result of the sweep. However our experience to date is that, rather than taking strict enforcement action, the ICO will engage with the relevant data controller if any data protection breaches are found. Ideally, the insurer/broker will be involved as soon as the ICO contacts the insured, to help manage that process and mitigate the cost.
We will be reporting further when the report is published, and we expect there to be guidelines as to best practice for privacy notices and handling data generated by IoT devices, and how this impacts the insurance sector.
Return to main page >>>
Lisa Broderick, Rowena McCormack, Julie-Anne Binchy, Charlotte Burke, Simon Halpin, David Freeman
Rhiannon Webster, Jade Kowalski
Khurram Shamsee, Hans Allnutt, Eleanor Ludlam
Jade Kowalski, Rhiannon Webster, Ceri Fuller, Khurram Shamsee, Sophie Devlin, Christopher Air
Jade Kowalski, Rhiannon Webster
Rhiannon Webster, Charlie Christie
Michael McMillen, Rhiannon Webster
Ceri Fuller, Khurram Shamsee, Jade Kowalski, Sophie Devlin, Christopher Air
Hans Allnutt, Patrick Hill, Laura Stewart
Hans Allnutt, Camilla Elliot
Hans Allnutt, Patrick Hill
Hans Allnutt, Rhiannon Webster, Patrick Hill