A new research report has raised concerns about how in-home smart devices such as AI virtual voice assistants, smart appliances, and security and monitoring technologies could be gathering and sharing childrenâs data.
It calls for new privacy measures to safeguard kids and make sure age appropriate design code is included with home automation technologies.
The report, entitled Home Life Data and Childrenâs Privacy, is the work of Dr Veronica Barassi of Goldsmiths, University of London, who leads a research project at the university investigating the impact of big data and AI on family life.
Barassi wants the UKâs data protection agency to launch a review of what she terms âhome life dataâ â meaning the information harvested by smart in-home devices that can end up messily mixing adult data with kidsâ information â to consider its impact on childrenâs privacy, and âput this concept at the heart of future debates about childrenâs data protectionâ.
âDebates about the privacy implications of AI home assistants and Internet of Things focus a lot on the the collection and use of personal data. Yet these debates lack a nuanced understanding of the different data flows that emerge from everyday digital practices and interactions in the home and that include the data of children,â she writes in the report.
âWhen we think about home automation therefore, we need to recognise that much of the data that is being collected by home automation technologies is not only personal (individual) data but home life data⊠and we need to critically consider the multiple ways in which childrenâs data traces become intertwined with adult profiles.â
The report gives examples of multi-user functions and aggregated profiles (such as Amazonâs Household Profiles feature) as constituting a potential privacy risk for childrenâs privacy.
Another example cited is biometric data â a type of information frequently gathered by in-home âsmartâ technologies (such as via voice or facial recognition tech) yet the report asserts that generic privacy policies often do not differentiate between adultsâ and childrenâs biometric data. So thatâs another grey area being critically flagged by Barassi.
Sheâs submitted the report to the ICO in response to its call for evidence and views on an Age Appropriate Design Code it will be drafting. This code is a component of the UKâs new data protection legislation intended to support and supplement rules on the handling of childrenâs data contained within pan-EU privacy regulation â by providing additional guidance on design standards for online information services that process personal data and are âlikely to be accessed by childrenâ.
And itâs very clear that devices like smart speakers intended to be installed in homes where families live are very likely to be accessed by children.
The report concludes:
There is no acknowledgement so far of the complexity of home life data, and much of the privacy debates seem to be evolving around personal (individual) data. It seems that companies are not recognizing the privacy implications involved in childrenâs daily interactions with home automation technologies that are not designed for or targeted at them. Yet they make sure to include children in the advertising of their home technologies. Much of the responsibility of protecting children is in the hands of parents, who struggle to navigate Terms and Conditions even after changes such as GDPR [the European Unionâs new privacy framework]. It is for this reason that we need to find new measures and solutions to safeguard children and to make sure that age appropriate design code is included within home automation technologies.
âWeâve seen privacy concerns raised about smart toys and AI virtual assistants aimed at children, but so far there has been very little debate about home hubs and smart technologies aimed at adults that children encounter and that collect their personal data,â adds Barassi commenting in a statement.
âThe very newness of the home automation environment means we do not know what algorithms are doing with this âmessyâ data that includes childrenâs data. Firms currently fail to recognise the privacy implications of childrenâs daily interactions with home automation technologies that are not designed or targeted at them.
âDespite GDPR, itâs left up to parents to protect their childrenâs privacy and navigate a confusing array of terms and conditions.â
The report also includes a critical case study of Amazonâs Household Profiles â a feature that allows Amazon services to be shared by members of a family â with Barassi saying she was unable to locate any information on Amazonâs US or UK privacy policies on how the company uses childrenâs âhome life dataâ (e.g. information that might have been passively recorded about kids via products such as Amazonâs Alexa AI virtual assistant).
âIt is clear that the company recognizes that children interact with the virtual assistants or can create their own profiles connected to the adults. Yet I canât find an exhaustive description or explanation of the ways in which their data is used,â she writes in the report. âI canât tell at all how this company archives and sells my home life data, and the data of my children.â
Amazon does make this disclosure on childrenâs privacy â though it does not specifically state what it does in instances where childrenâs data might have been passively recorded (i.e. as a result of one of its smart devices operating inside a family home.)
Barassi also points out thereâs no link to its childrenâs data privacy policy on the âCreate your Amazon Household Profileâ page â where the company informs users they can add up to four children to a profile, noting there is only a tiny generic link to its privacy policy at the very bottom of the page.
We asked Amazon to clarify its handling of childrenâs data but at the time of writing the company had not responded to multiple requests for comment.
The EUâs new GDPR framework does require data processors to take special care in handling childrenâs data.
In its guidance on this aspect of the regulation the ICO writes: âYou should write clear privacy notices for children so that they are able to understand what will happen to their personal data, and what rights they have.â
The ICO also warns: âThe GDPR also states explicitly that specific protection is required where childrenâs personal data is used for marketing purposes or creating personality or user profiles. So you need to take particular care in these circumstances.â
from www.tech-life.in
No comments:
Post a Comment