In 2015, Accenture surveyed more than 28,000 consumers in 28
countries of which 47% reported that they did not plan to buy an
IoT device because of concern over privacy and security issues. A
2015 report from the U.S. Federal Trade Commission documented
security and privacy IoT device shortfalls, and called on
manufacturers to take a more active approach to integrating
informed consent and security measures in their products.
Consumers are primarily concerned with consent, use and
transparency surrounding the data that is being collected by IoT
devices. While the Personal Information Protection and Electronic
Documents Act ("PIPEDA") provides ground rules for how
companies can collect, use or disclose personal information for
commercial activities, connected devices require further
consideration of the traditional methods of providing consent.
Connected devices make compliance with PIPEDA privacy principles
difficult. As noted in the Office of the Privacy Commissioner of
Canada's recent report, IoT devices are designed to
operate quietly in the background of our lives. Potentially unaware
of data collection by connected devices, consumers are unable to
provide meaningful consent. Similarly, notice is difficult to
provide, given that the user interface of many connected devices is
often invisible or controlled remotely.
Recently, the Office of the Privacy Commissioner of Canada
announced that it is joining a global study on the privacy implications of IoT
health devices. The "privacy sweep," coordinated by
the Global Privacy Enforcement Network, is a collaboration between
privacy organizations across the globe with the goal of increasing
awareness of privacy rights and responsibilities for consumers and
businesses. Concerns identified as a result of the
"sweep" could result in outreach and engagement with
organizations in the business of connected devices and/or
enforcement action by authorities.
Privacy organizations around the world are taking note of IoT
devices and considering appropriate ways to apply traditional
privacy principles to the evolving "smart" environment.
The OPC's involvement in the "sweep" evidences the
organization's commitment to identifying the risks to consumers
in this new space, but we still have not seen any meaningful
progress on guidelines for corporations to ensure that they are
addressing privacy concerns around consent, accountability and
transparency. We hope that results from the "sweep" will
*This article was written with the assistance of Alyssa
Gebert, an articling student at Aird & Berlis LLP. Alyssa will
be returning to the firm in September as an associate.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).