With news that smart TVs are collecting vast quantities of personal information and then passing this to Google and Amazon, is this the cost of using this technology, or a breach of our privacy?
The next time you sit down to binge-watch something on Netflix, is your TV or connected device collecting masses of personal data? As IoT (Internet of Things) accelerates its development, the question of data privacy moves to the top of our security agendas.
According to research from two separate studies, our smart TVs and the devices we connect to them to access the raft of streaming content, are collecting and then transmitting our personal information to companies responsible for most of the ads we all see online.
In one of the studies, nearly 90% of Amazon Fire TV channels had ad trackers built into them. The researchers in no uncertain terms stated: “Several non-first-party destinations (in particular Amazon, Google, and Akamai) receive information from many of our IoT devices, thus allowing them to potentially profile consumers.”
With the GDPR regulations now in force, is this tracking and transmitting of personal information legal? Johnny Ryan, the chief policy officer of web browser maker Brave, has submitted a claim to the Data Protection Commission (Ireland) that GDPR was breached. The use of tracking and forwarding applications that allegedly monitored his browsing is the basis for his claim.
The Commission stated: “The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR). The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.”
Speaking to the FT, Ryan said: “This practice is hidden in two ways: the most basic way is that Google creates a page that the user never sees, it’s blank, has no content, but allows third parties to snoop on the user and the user is none the wiser.”
On the impact of GDPR on data privacy, Tom Gaffney, Principal Consultant at F-Secure, commented to Silicon: “GDPR has been double-edged in this respect. While the regulation about the abuse of personal details has been a definite game-changer, regulation through cookie notification has been a disaster.
“The responsibility has been pushed by regulators and companies onto the user to accept terms or not use the product. I’m not sure additional regulation is required but a refinement. I would like to see a plain English option mandatory for all privacy terms. Something that distils the legalese. This would be helpful if governments and regulators could provide a template.”
The question of how much personal information we all give away to access the digital services we want to use is a debate that has been raging for over a decade. The ‘deal’ is often to access free media services in exchange for purchasing or browsing behaviour tracking, which forms the foundation onto which today’s tech giants base their ads, which in many cases, are their main revenue streams.
Research by Deloitte Insights concluded: “Across the board, consumers surveyed also appear more willing to share data when they feel they get some value in return. Some 79% of our respondents agreed that they would be willing to share their data if there was a clear benefit for them. This means that companies should consider thinking about giving consumers a return on data. Whether it is something that entertains, informs, or rewards the consumer, companies should understand that many consumers may provide information in exchange for something that benefits them.”
Collecting, transmission and manipulation of personal data are not new. It’s often the clandestine way in which this information is collected that is continuously overlooked. Personal data security is never far from the news headlines, but, taking practical action on a personal level is difficult.
For many of us, managing multiple passwords is time-consuming. Is the password on your internet router still using its factory defaults? You would have been asked to consent to personal information being collected about your TV and how it’s used when you first set-up your television. But few of us understand how this data is being used and, how it impacts other aspects of our lives.
Paul Bischoff, a privacy advocate for Comparitech.com, told Silicon: “It would be great if, when I see an ad, I could figure out where the data used to target that ad came from. I think there’s a huge disconnect between data being gathered for ads and showing targeted ads to users. People see ads all the time, but they seldom seem aware of what information they gave up, to whom, and when that led to that ad appearing on the screen. I would like to see this change.”
If our smart TVs are eavesdropping on us, are we powerless to act, if we want to have access to the vibrant media mix that has become part of our everyday lives?
Daniel Chapman, Managing Director, Products and Solutions at Havas Group Media thinks business will have to become more attuned to their customers to avoid a backlash: “Simply put, companies will have to make a call on how targeted they want to be, as targeting does damage brand equity – especially if the ad is incongruous to the context the individual is in.
“Companies will need to be more exact in their choice of data, to build interaction in a moment of category context, and (more than ever) ensure that their creative matches this, so things don’t seem out of sync. The incongruity of an ad highlights that an individual’s data is being used and, can instantly turn someone off. That’s bad for the performance of the ad but even worse for long-term brand equity.”
Indeed, Yossi Naar, co-founder and Chief Visionary Officer, Cybereason was succinct in his assessment of how our personal data is collected when he stated: “Ad tracking is completely out of control, and if consumers were aware of even 10% of what’s really going on, there would be a massive public outcry for it to stop. It’s hard to describe the endless trove of personal data advertisers has on us. This data is traded by companies most people never heard of, for purposes that are hard to imagine.”
Every time we switch-on our TVs, post photos and videos on our favourite social media sites, make an online purchase or surf the Web, every action is tracked to form a detailed personal profile that advertisers pay very good money for.
The Cambridge Analytical debacle has, to a degree, focus consumer minds on how their personal data could be used to influence the decisions they make. The research about smart TV collecting data is disturbing, perhaps simply because we view our TVs as passive devices.
Says Jamal Ahmed, Privacy Consultant, Kazient Privacy Experts: “Business that share personal data with third parties for marketing purposes are required to acquire consent from the individual and name any third party they wish to share this data with. The problem is that many businesses buy this data without checking or caring that the data they are importing was collected in a legally compliant fashion knowing full well that the monitoring of such transactions goes unmonitored and the likelihood of enforcement is very low and as such they make a business decision to accept the risk.”
With Camilla Winlo, Head of Consultancy Services at DQM GRC concluding: “Companies can only make good business decisions and provide beneficial targeting if people trust them enough to supply accurate, reliable data. The only way to build that trust is for a company to be transparent in what it’s going to do with it. Typically, a company will only feel comfortable being completely transparent if it knows its customers are going to be happy with what it’s saying. If organisations believe what they are doing is right, they should be proud to explain it to their users.”
Internet-connected devices have been able to collect user data for several years. The new research that focused on TV’s and the devices used to connect TVs to media sources may be worrying only because we have an immediate and personal connection with television today. The fact the TV is usually in our main living spaces and is witness to much of our activity is concerning.
The Orwellian environment our connected devices seem to have created is a product of our need for more free digital services. The pact we enter into with the suppliers of these services will inevitably mean less privacy.
Understanding how each device collects our personal data and then make an informed decision about whether to allow this should be a priority for us all. However, the reality is there is just too much content we want for free or at low-cost access to. In this scenario, a level of knowing ignorance seems the default setting for us all.
How to switch-off tracking on smart TVs
If you don’t want your smart TV to track you, you can switch these features off in the TV’s settings menu.
Go to SETTINGS>SUPPORT>TERMS AND POLICIES and turn off ‘VIEWING INFORMATION SERVICES’ and ‘INTEREST-BASED ADVERTISING’, or ’SYNCPLUS AND MARKETING’ on some older models.
Go to ALL SETTINGS>GENERAL and switch off ‘LIVE PLUS’ then ALL SETTINGS>GENERAL>ABOUT THIS TV and switch off PERSONALISED ADVERTISING from within ‘USER AGREEMENTS.’
Sony TVs make this harder. You will need to re-run the setup wizard and disable the SAMBA INTERACTIVE TV USER AGREEMENTS
Amazon Fire Stick
Go to SETTINGS>PREFERENCES>ADVERTISING ID and turn off ‘INTEREST-BASED ADS’. This may be under SETTINGS>SYSTEM for some older models.
Go to SETTINGS>PRIVACY>LIMIT AD TRACKING and switch it on. Some older models many need you to go to SETTINGS>GENERAL and switch ’SEND DATA TO APPLE’ to ’NO’.
Tap the three dots in the corner of your home screen to open the menu and go to ‘DEVICES’. Choose your device, then tap the three dots again and choose ’SETTINGS’. Untick the box marked ’SEND CHROMECAST DEVICE USAGE DATA AND CRASH REPORTS TO GOOGLE’.
It’s important to understand that this only stops your data being collected by your smart TV – it doesn’t stop platforms like Netflix, for example, from monitoring your viewing habits.
Camilla Winlo, Head of Consultancy Services at DQM GRC.