High-tech doorbells, TVs and even washing machines are invading our privacy by gleaming personal data, a consumer group has warned.
Which? has concluded that the smart gadgets are collecting more data than is needed, going as far as branding the household devices “spies in the home”.
It analysed the privacy policies of popular branded speakers, cameras and doorbells and found they demand a lot more personal information than required to function.
That included smart cameras and doorbells made by Chinese company Hikvision, whose CCTV cameras were deemed by surveillance experts say poses a security risk,
Research shows that Ezviz smart cameras and doorbells which is sold by major high-street retailers including Argos, had trackers from at least two other Chinese companies including TikTok’s business marketing unit, Pangle and Huawei.
It also had trackers from Google and Meta that hoovered up personal data, Which? found.
Bose smart speakers, which share user data with Meta, also share information with Google Nest products, which request contacts and location.
Arlo, owned by the burglar-alarm brand Verisure; Eufy—another Chinese firm— as well as Amazon-owned Ring, which makes smart doorbells, want permission for people’s background location.
This is not necessary to alert users when their home security system is triggered, Which? claimed.
Much of the data harvesting is done through mobile apps connected to the devices.
The group has now called on the UK’s privacy watchdog to intervene and urged consumers to be more vigilant in their approvals.
Speaking about the consumer group’s research. Rocio Concha, Which? director of policy and advocacy, said it is unacceptable that the public continues to “pay” for using smart devices with their personal data.
“Consumers have already paid for smart products, in some cases thousands of pounds, so it is excessive that they have to continue to ‘pay’ with their personal information,” Ms. Concho said.
“Firms should not collect more data than they need to provide the service that’s on offer, particularly if they are going to bury this important information in lengthy terms and conditions.”
Ms Concho urged the Information Commissioner’s Office (ICO) to consider updating guidelines to better protect consumers from accidentally giving up huge swathes of their own data without realising.
She said: “Under the data protection laws, companies must be transparent about what they collect and how it is processed and the collection must be relevant and only necessary.
“However, the reasons for taking information are often too broad for consumers to appreciate, Which? says, with companies claiming ‘legitimate interests.’”
The Which? report, published on Thursday, said consumers need to “closely analyse” the fine print before they hit “accept” when signing up to new devices and apps.
The “Spies in the Home” guide said that many are failing to fully understand what exactly they are signing up to as privacy policies are often long and confusing.
Google Nest’s is 20,000 words long, which would take an hour and 20 minutes for an average reader to wade through.
Speaking at a recent Commons inquiry into connected devices, Dr. Efpraxia Zamani, senior lecturer in information systems at the University of Sheffield Information School, said that terms and conditions are so complicated that consumers do not consent to data sharing but rather “surrender” it.
The Commons Culture, Media and Sport committee recently called on the government to standardise privacy interfaces for connected devices to rectify this problem.
Responding to the report, a spokesperson for Amazon said: “We design our products to protect our customers’ privacy and security and to put our customers in control of their experience.
“We never sell their personal data, and we never stop working to keep their information safe. We use data responsibly to deliver what our customers expect: products that they love and are always getting better.”
A Google spokesperson said: “Google fully complies with applicable privacy laws and provides transparency to our users regarding the data we collect and how we use it.”
Arlo and Eufy did not respond to requests for comment.