Study Finds Most Devices Don’t Reveal How Personal Information Will Be Used

Six in ten “Internet of Things” devices don’t properly tell customers how their personal information is being used, an international study has found. The GPEN (Global Privacy Enforcement Network) study, conducted by 25 data protection regulators around the world (including the IPC), looked at devices like smart electricity meters, internet-connected thermostats and watches that monitor health, and evaluated how well companies communicate privacy policies to their customers. Sixty per cent of devices failed to adequately explain to customers how their personal information was collected, used and disclosed. These results indicate that companies making these devices need to provide more clarity about how they are protecting customers. If customers are not clear about how their data is being used, they should ask for clarification or not use the device.
Ontario health information custodians must be aware of their obligations under Personal Health Information Protection Act (PHIPA) whenever they prescribe the use of remote monitoring and communications devices for their patients. Our guidance document, Frequently Asked Questions: Personal Health Information Protection Act discusses these obligations.

Review the news release.

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:
Telephone: 416-326-3965

Social Media

The IPC maintains channels on Twitter, YouTube and Linkedin in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.