Thank you very much for that. I work in an industry (in the US), but we have increasingly detailed training on GDPR, HIPAA (US healthcare information regulations), CCPA (California’s version of GDPR) and on and on. I didn’t know the UK had their own version.
The lack of uniformity in the US is making it increasingly difficult to comply with everything over here, with states constantly passing their own laws on digital privacy, but those penalties for non compliance vary so greatly it’s almost impossible to follow.
Yeah, in a perfect world this would be the case. But people want convenience (like a camera in their fridge to see if they need milk or not), consequences be damned. I still have yet to see a proper use case for ~90% of IoT shit out there. Besides harvesting data and / or leaving gaping security gaps, of course.
The quote from EFF really highlights concerns about such a system.
I’d love to see the data gathering and protection policies in place for all the footage aggregated. Are the cameras constantly being recorded? Where is the footage stored? Who has access? How is the data (camera locations, footage, authorized users, access logs, etc) protected? How long is it saved? What happens to the data when the contract ends and isn’t renewed? What happens to all the monitoring software installed on a camera “grid” once the contract ends? Is it uninstalled automatically or just shut off and left there?
It’s troubling enough that towns as small as 25k people are blowing such a large chunk of money on hypothetical situations, but there’s zero mention or transparency into the security aspect of this entire enterprise. So many of these IoT outfits ignore data security, because they feel it’s somebody else’s problem. It’s the main reason why you don’t want household IoT devices on the same network as your trusted devices.
As someone who daily drives a 20 year old Toyota, I couldn’t agree more.