There’s one battle my husband and I have fought ever since we started cohabiting: whether to allow “smart” appliances in our home. He, an enthusiastic gadget fan, would happily connect all of our household goods to the internet so he could control them from his phone. I, a jaded tech journalist, am far too paranoid to surround myself with a bunch of data-guzzling surveillance machines.
So I felt somewhat vindicated when I saw the latest story about a seemingly innocuous utensil apparently getting a bit too data-hungry. The consumer group Which? found that three air fryers it tested had connected phone apps that requested permission to record audio – not something you’d imagine to be a critical function for an object whose sole purpose is to cook food. The devices also wanted to know users’ exact locations.
If you ask me, there’s no need for an air fryer – or a fridge, washing machine or toaster – to be connected to the internet at all, though I can appreciate that there is some merit to the concept. A main benefit of smart appliances is that they allow for remote operation, so you can set off a load of laundry to finish just when you get home from work, or check which groceries you’re running low on while at the supermarket. But a lot of these devices and their connected apps gather high levels of personal information, often with little transparency and despite regulations that are supposed to limit the data they process.
All smart appliances need to collect some data in order to fulfil their promised functions. Audio access, for example, is needed for voice-activation services (apparently some people really want to talk to their light switches). But often, devices request more permissions than they really need or use. Many of the items Which? reviewed – which also included smart TVs, speakers and watches – also connected to third-party trackers that can monitor data from your device and be used for various purposes, including marketing and advertising.
Many of us have a general sense that tech gathers more of our personal data than we’re comfortable with. There’s a popular conspiracy theory that social media apps are snooping on our private conversations to serve us ads, secretly using our phone microphones to pick up on our consumer desires: you talk to a friend about a tool you need for a DIY project and suddenly find ads for power drills popping into your social feeds.
Despite the persistence of the myth, this almost certainly isn’t happening, according to researchers at Northeastern University in Boston. They tested more than 17,000 apps, including Facebook and Instagram, and found no examples of a microphone being activated unexpectedly or audio being sent out without the user’s knowledge.
But if that sounds reassuring, all it really shows is that advertisers don’t need to listen to your private chatter in order to serve you ads that are relevant to the point of feeling invasive. They already have enough other data on you. And now it turns out that innocent-looking appliance you bought to help make dinner also has no respect for personal boundaries.
It’s not just the possibility of listening in that’s a problem: smart devices can spy on us in all manner of ways. Smart doorbells might watch you enter and leave your house, and fitness watches might constantly track your location. Even data-gathering that seems harmless at first glance could give away more than you may expect. Robot vacuum cleaners could map and share floor plans of your home. Connected sex toys could reveal your bedroom habits. Running apps could disclose the location of your secret army base. Then there’s the potential for abuse. Domestic abusers have used smart doorbells, thermostats and even children’s toys to stalk, surveil and gaslight their victims.
As more and more things get “smart”, it’s harder to resist. My husband managed to sneak an app-enabled colour-changing light bulb into our house, but I drew the line at a Ring doorbell – equipping door furniture with eyes and ears feels excessive.
Really, though, we shouldn’t have to totally avoid smart appliances just to protect our privacy. Despite my grousing, I do actually like technology. I would love to use smart devices that make my life easier – just without having to give up so much personal data. Theoretically, regulation already covers this: GDPR states that companies must be transparent about the data they collect and limit data collection to what is necessary. But there’s some room for interpretation on what counts as “necessary”, and even if companies are honest about how they use our data, how many people read the fine print when they’re just trying to set up an air fryer?
The Information Commissioner’s Office (ICO), the UK’s data protection regulator, will publish new guidance specifically for smart-device makers in spring 2025. Workshops with a citizen jury earlier this year found that the more people learned about how smart devices handle personal information, the less they trusted them. “The overwhelming feeling among participants was that IoT [Internet of Things] products collect an excessive and often unnecessary amount of personal information,” stated a report prepared for the ICO.
The report proposed several commonsense solutions, including clearer privacy policies with bullet points and large text, audio or visual signals to indicate when a smart device is collecting information, reminders about data collection at periodic moments in a product’s lifespan and not just at setup, and a specific and prominent control to opt in or out of personal data being used for advertising.
It’s not exactly rocket science. The thing is, regulations are only effective if they’re enforced – including, as the Which? editor, Harry Rose, points out, against companies operating from other countries.
Meanwhile, it may be a good time to check through your phone settings and see just what each of your home appliance-linked apps has access to. Or join the ranks of grumpy Luddites like me and consider how smart you really need your kitchen utensils to be.