91% of the UK would like better privacy laws for IoT devices

Research shows that despite GDPR, consumers still have clear concerns about responsible data use and eavesdropping of IoT devices.

  • Wednesday, 31st July 2019 Posted 5 years ago in by Phil Alsop
Nine of out ten British consumers believe that there should be legal privacy and security standards that connected device manufacturers must comply with, according to new research. The study, conducted by IPSOS Mori on behalf of the Internet Society and Consumers International, polled over six thousand consumers across the globe, revealed that the majority (88%) of consumers believe that retailers have a responsibility to ensure the devices they sell come with solid privacy and security standards.

 

According to the study, three quarters of UK consumers are concerned about how smart devices are using their data without permission, with 67% worried about these devices eavesdropping. These worries come despite a high level of technical competency, with almost two thirds (64%) well aware of using encryption to protect themselves, and 76% understanding how to apply security updates on a regular basis. However, the poor user interface on many IoT devices can make it difficult to apply this knowledge, increasing the risk of outdated software patches and consequently, security flaws. 

 

This lack of trust is reinforced by the survey’s findings that almost half (43%) of UK consumers admitted that they do not trust IoT devices to handle data responsibly, and the same percentage (43%) not believing that IoT devices would stop unauthorised data access. There have been many well-publicised occasions when IoT devices have been recruited into botnets, which can mine cryptocurrency, carry out DDoS attacks or even distribute malware in turn.

 

“Currently, not enough is being done to strengthen the security and privacy of consumer IoT devices. We need suppliers of consumer-grade IoT devices and services to adopt IoT security and privacy principles in the production of their devices.  Adoption of these principles will protect the network, its users, and critical information infrastructure from cyber threats,” explains Frédéric Donck, European Regional Bureau Director for the Internet Society.