Smart device manufacturers will be issued with new guidance on how to comply with data protection laws, a watchdog has said, after it emerged air fryers may have been listening in on families’ conversations.
The Information Commissioner’s Office (ICO) said people feel their household products “collect too much information about them” and they feel “powerless to control how their information is used and shared”.
The watchdog is set to issue new guidance in spring 2025 after a report by the consumer group Which? revealed how some air fryers, smart TVs and smartwatches have been collecting data on those who own them.
Three air fryers, made by the Chinese brands Xiaomi, Tencent and Aigostar, wanted to record audio on their owner’s phone for no specified reason, according to the Which? study.
The Aigostar and Xiaomi fryers also sent people’s personal data to servers in China, although this was flagged in the privacy notice supplied with the product.
Meanwhile, smart TVs made by Hisense and Samsung which were tested by Which? asked for people’s postcodes during set-up. Samsung’s TV app also asked for permission to be able to see all the other apps on the user’s phone.
All of the products in the research required privacy consent to work properly and wanted to know users’ precise locations.
This includes the Huawei Ultimate smartwatch which requested nine “risky” phone permissions – the most of all the devices in the study.
Which? defines “risky” as giving invasive access to parts of someone’s phone. This includes knowing the user’s precise location, the ability to record audio, access to stored files or an ability to see all other apps installed.
Huawei said all of the permissions it asks for have a justified need.
There is no suggestion of illegal behaviour by any of the companies mentioned in the study.
It comes amid reports a company that was not part of the research reserves the right for its smart ovens and similar appliances to collect details of “what you are cooking and how you cook”.
Stephen Almond, executive director of regulatory risk at the ICO, told Sky News: “Ultimately, what we’re seeing is actually consumers paying twice. Paying first for the product that they’re buying, but then second, paying with their data.
“And that data is being used potentially for targeted advertising, also gathering more information about how the market is developing in this sort of area. So it’s really important if these devices are to be used with trust by people, that the industry comes clean around how people’s information is being used.”
An estimated £15bn worth of smart gadgets are expected to be bought by people in the UK this Christmas, according to the home assistance provider HomeServe.
It has been reported that in many cases a product’s manual reveals the extent to which the manufacturer collects personal data.
However, according to one estimate, the average consumer privacy policy reportedly runs to 8,000 words – requiring around 35 minutes of reading time.
An ICO spokesperson said its fresh guidance for firms next year will “outline our clear expectations for what they need to do to comply with data protection laws and, in turn, protect people using smart products”.
Read more from Sky News:
Prince Andrew statement on China ‘spy’
Syrians celebrate ‘Victory Day’
US charges N Koreans in ID theft case
They said in a statement: “It will cover areas including how to ask for consent, how to provide privacy information and what tools need to be available for people to exercise their rights.
“The upcoming guidance will provide clarity on our expectations for manufacturers, allowing them to plan and invest in the use of information responsibly. We want to help organisations get it right – however we will be closely monitoring their compliance and will be ready to act to ensure consumers are protected from harm.”
They said “smart products know a lot about us” including who people live with, what music they like and what medication they are taking.
“That’s why it’s vital that consumers trust smart product manufacturers to use their information safely and in the ways they expect. For example, we would expect a smart product to only use and collect the personal data it needs to provide its functions,” they added.