Trust lawyers to make even most interesting of things seem boring. While there are hundreds of articles on the internet titled "Your Drawing Room is listening", "Your Smart TV is spying on You".
I decided to break it down into what these noisy articles mean, legally and as a consumer.
An average adult will be using three to four devices per day by 2018. Most of us use upwards of two already. With almost every website collecting your data (sign in using Google, email id or Facebook) to using sophisticated and not-so-sophisticated tools to track your web-movements, there's hardly anything you can keep personal anymore.
In India, even the government is collecting data of it's people in the form of Aadhar Cards under UIDAI.
So, what exactly is Private/Personal Data and how can you protect it?
There are various laws and interpretation defining private data. Take for instance,
According to Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 of India,
Sensitive personal data or information of a person means such personal information which consists of information relating to
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
And According to the Privacy Protection Bill, 2013,
Personal Data is any data, which relates to a natural person if that person can, whether directly or indirectly in conjunction with any other data, be identified from it and includes sensitive personal data. Sensitive personal data are the personal data as to the data subject's:
(i) Biometric data;
(ii) Deoxyribonucleic acid data;
(iii) Sexual preferences and practices;
(iv) Medical history and health;
(v) Political affiliation;
(vi) Commission, or alleged commission, of any offence;
(vii) Ethnicity, religion, race or caste; and
(viii) Financial and credit information.
However, Financial and Credit information as well as data about commission of offences might be available in public domain and should be within reasonable limits to divulge.
What should the Consumers do to protect their privacy online?
"By enabling Interactive and Interest Based marketing features, you may make the content and advertising that you receive on your Smart TV and other devices when you are watching Smart TV more interactive and in tune with your viewing preferences. TV programming providers or advertisers can enhance video programs by providing interactive content, such as in-program trivia, show insights, games, and promotions, on your Smart TV or other devices. Similarly, advertisers can enhance their ads by enabling users to take immediate action (e.g., downloading a coupon or app) in response to an ad.
To make these kinds of enhancements and interest based marketing available, we collect video or audio snippets of the program you’re watching and use this information in order to return content or advertising “synched” to what you’re watching. Viewing history will also include information about your device (e.g., its IP address and device identifiers) and your interactions with the content and advertising they provide. You may disable these interactive interest based marketing features at any time by visiting the “settings” menu. The choices you make with respect to interactive marketing features will not affect whether you receive other types of ads and marketing on your Smart TV."
This policy enables Samsung TV not only to record the program you are watching but also your personal identifiable features like IP address, identity of your device.
How can Samsung use this data?
It can provide your data, in encrypted or un-encrypted version to any third party interested in marketing to you. The third party might be able to profile you on the basis of the shows you watch, the commands you give to the TV or the advertisements you interact with and send you targeted advertisements.
However, if Samsung or any third party do not take reasonable precautions in saving your data from potential hacks, there might be some serious repercussions.
"We may create a profile of your use of our products, services, and websites based on information we have collected from you and your Motorola products. We use the profile to provide services and support and to make improvements to our offerings.
The default policy of the device is to track you. Motorola tracks each and every way your device is being used by you. You will have to 'Opt-Out" if you are uninterested in the campaign.
"Our business model is very straightforward: we sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetise” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.
Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."
Though Fitbit claims that it will never sell your data to third parties, Terms and Conditions apply. Look closely
Fitbit may share or sell aggregated, de-identified data that does not identify you, with partners and the public in a variety of ways, such as by providing research or reports about health and fitness or as part of our Premium membership. When we provide this information, we perform appropriate procedures so that the data does not identify you and we contractually prohibit recipients of the data from re-identifying it back to you."
However, it's policy limits the usage of the data to only "de-identified" which means your device id, passwords, social security numbers are not shared.
Should you opt out?
Opting out is a personal decision. Some of you might not mind your data being shared. Don't we all at some point have or had willingly put our vacation details, photos of babies or private details on the internet?