By Pulak Satish Kumar, COO and Director, Puresight Systems
The recently concluded Consumer Electronics Show (CES) 2020 showcased many new and innovative smart home devices, giving us a glimpse into the future of connected homes. From LG’s ThinQ Smart Door to Samsung’s Sero, a 47-inch 4K QLED TV that seamlessly connects to the user’s phone, CES 2020 clearly indicated the remarkable development of IoT and smart home automation. There’s no doubt that smart home appliances are becoming more common by the day.
Millions of people have voice-activated smart speakers like Amazon Echo or Google Home, smart TVs and even smart locks. After all, these connected devices make a significant contribution to making our lives convenient. However, the increasing adoption of smart home technology has sparked privacy concerns.
What risks come with smart home devices?
Smart home devices collect a vast amount of user data, including their location, buying patterns and taste in music, among others. While the gathering of such information can be seen as a violation of privacy, tech majors believe that these data points help deliver better, a more personalized experience. However, this is not to underestimate the potential security risks that can arise if personal, sensitive information of consumers goes in the wrong hands, i.e. third-party vendors.
Data breaching, phishing, identity theft and impersonations – the perils are many. As a result, smart home companies can face far-reaching consequences such as lawsuits, loss of consumer trust, huge fines and a stained reputation. One can take a cue from Facebook’s Cambridge Analytica scandal as the social media giant continues to face flak even after almost years from the incident.
Addressing the privacy risks
On the global front, big tech companies are bringing changes to their privacy policies and operations to ensure a higher level of transparency. Executives and Apple and Facebook recently took the stage at CES 2020 to stress the use of privacy techniques such as de-identification of user data and on-device processing to minimize personal data storing.
Taking a defence-in-depth approach to security is necessary in today’s environment – adding multiple layers of protection around the devices, cloud and apps. Starting from product development to procurement, standardized security guidelines should be met at all stages. Companies should also ensure that suppliers' and partners' supporting infrastructure (including physical infrastructure, cloud and mobile apps) are properly configured, monitored and continuous security improvement processes are in place.
When it comes to data security and encryption, access to users’ personal data should be restricted, monitored and regularly audited. Moreover, apps should only be sold to authorized application stores like Google Play.
Government initiatives
The Indian government is also taking measures to address the security concerns that come with the use of smart home devices. The draft Personal Data Protection Bill, 2019 offers a solid framework for protecting citizens’ privacy, and bars technology companies from collecting and processing ‘sensitive’ personal data without taking explicit user consent. It is expected to bring “accountability and transparency” into India’s data ecosystem while tackling the loopholes that currently exist.
Moreover, the bill imposes special restrictions on cross-border data transfers and also prohibits cross-border processing of sensitive personal data and critical personal data. Another important provision of the Personal Data Protection Bill, 2019 is “right to be forgotten”, which means organizations won’t be able to store or use customer data after the purpose of which it was collected is met. All of these guidelines will certainly bring down cases of security breaches and help companies strengthen their user trust.
The power lies in the hand of the user
Needless to say, the importance of protecting user privacy can’t be overstated. Both the government and companies should come together to ensure their commitment towards user safety. However, it is also the users’ responsibility to re-evaluate their online behaviour and thoroughly read the T&C conditions before signing into any app. There are various unverified third-party apps, websites and online portals that keep a track of users’ online activities and store data illegally. Such incidents can only be avoided if the user takes a few cautionary steps, understand the difference between authorized and unauthorized platforms.
Views expressed are author’s own