What About GDPR for IoT?

what about GPDR for Internet of Things?

Disclosure: Nothing in this blog should be taken as investment advice. Do your own research. This blog is supported by advertising and affiliate links... Links to products and/or services on this blog may include links to affiliate programs that provide commissions to this blog. All of the content in this blog is 100% my own opinion.


It was widely reported that an Amazon Alexa device recorded a family’s conversation without them knowing, and then emailed the recording as a text message to someone in their contacts list.

I’m no privacy lawyer, but I’m guessing this would be considered illegal.

Smart Speakers… A Solution In Search of a Problem?

Honestly, I don’t understand why people have these things in their homes unless they completely trust the company that manufactures them.

I would never buy an Amazon smart speaker.

I would never buy a Google smart speaker.

I use both Amazon and Google on regular basis. But I don’t trust these companies with any more of my data than they already have… Which is a ton.

Nor do I want them listening to literally every sound in my house while their speakers are in standby, waiting for a “wake” command.

I do have an Apple HomePod… Which I bought because I use and enjoy Apple products. It lives in my office where it rarely has access to any other voices than my own.

Even though I’ve described my challenges with Siri, I trust Apple more than any other tech company.

But even with Apple, you should not just “trust” that these billion (soon to be trillion) dollar tech companies care about you at all.

They don’t.

And it’s because of these massive companies Hoovering up our data that many small business owners in the U.S. just had to suffer through compliance with the EU General Data Protection Regulation…

The GDPR law is an asymmetrically burdensome, complete pain in the ass for the majority of U.S. small businesses that have a presence online.

What about GDPR for IoT?

GDPR aims to address the problem of permissionless collection of user data on the web…. But what about the Internet of Things?

The potential for abuse in IoT it seems is much greater.

This Amazon Alexa issue is a case in point.

GDPR regulation requires consent. In most cases, it requires explicit consent.

Imagine being a guest in someone’s home and having your conversations recorded without your knowledge… This is a probable scenario.

It’s simply not possible for a visitor to someone’s house to give consent to an Amazon Alexa device that is recording everything all the time.

What about video cameras, which are everywhere…

Even in your car, facing you, not looking out toward the road.

How can you give your consent to your data, which will (or should) include your face, and likeness in public and private?

This “1984” type scenario is becoming impossible to escape, not only in our own homes, but in our cars as well.

A 2016 white paper by McKinsey predicts that the market for automotive telematics and other data will be between $450-$750 billion by 2030.

And Consumer Reports’ latest issue states that cars today have over 200 data points in them, with at least 140 viable business uses.

If consumers own this data… What happens as we progress throughout our day?

  • Wake up with Amazon Alexa
  • Drive to work in late model car with the event data recorder (EDR), Internet connection and telematics
  • Log on to computers and check Gmail
  • Check iPhone 80 times per day
  • Drive back home with the vehicle camera recording performance
  • Unlock smart door and ask Alexa to turn on the lights
  • Turn on Netflix or Amazon Prime Video on the Internet connected TV.

Is the web of IoT devices gaining explicit consent while harvesting our data from the time we wake up to when we go to bed?