Israeli Regulator Issues Guidance on Use of IoT Device and Smart Homes Environments

As IoT devices become increasingly common in homes, they pose growing privacy risks. These devices, which include smart thermostats and connected systems, often collect substantial volumes of personal data. They sometimes do so without explicit user consent, revealing sensitive information on lifestyle. The integration of AI in smart homes further complicates this. It analyzes extensive data, often without proper consent, leading to concerns about privacy, user autonomy, and data protection.

To address these issues, the Israeli Privacy Protection Authority has published its recommendations for consumers:

  • Inform household members about possible recording by IoT devices.
  • Use IoT devices cautiously and turn them off when not in use.
  • Install antivirus software on IoT devices before connecting them to the network.
  • Review the personal data held by smart home providers.
  • Avoid installing recording devices in private areas like bedrooms.
  • Limit the use of mobile IoT devices in sensitive areas.
  • Use strong, unique passwords for smart devices and update them regularly.
  • Select IoT products from companies that prioritize privacy.
  • Keep IoT devices updated for enhanced security.
  • Minimize the use of remote-control features to protect privacy.

The Israeli Privacy Protection Authority’s recommendation for Providers include:

  • Controlling employee access to data and products.
  • Implementing robust user identification measures.
  • Adopting “Privacy by Design” and “Privacy by Default” practices, including data encryption and anonymization.
  • Clearly articulating the purposes of data collection.
  • Explaining AI operations to facilitate informed consent.
  • Using collected data solely for its intended and consented purposes.
  • Enabling users to access, review, and delete their data.

Click here to read the Israeli Privacy Protection Authority’s recommendations (in Hebrew).