How Could the GDPR Affect Smart Home Devices? 2 Examples of Downed Services


Everyone’s being flooded with emails about privacy policy updates thanks to a new data protection law (GDPR) that went into effect in late May 2018.

The GDPR has affected almost every business that exists online, even those that mainly operate outside of the EU. While it’s still unclear how large the ramifications of the GDPR will truly be, services like Klout have already closed down instead of adapting to the new legislation.

Are smart home devices and the Internet of Things (IoT) the first thing that comes to mind after the GDPR? Probably not. But will they also be impacted? You bet. Here’s everything you need to know about how the GDPR could affect your smart home.

What Exactly Is the GDPR?

The GDPR is an EU regulation designed to protect the data of EU citizens. While it is EU legislation, it affects any business working within an EU country, and any business that processes data from EU citizens.

In short, it is incredibly wide-reaching. While the GDPR gives more power to new privacy protecting apps, many small businesses worry it will destroy the networks they worked so hard to create and build.

The law has been put in place to regulate the data collected from you by companies. This data can be as simple as your name, or as complex as your political beliefs and sexual orientation.

The GDPR is designed to replace the now outdated EU Data Protection Directive. This old legislation came into law in 1995 when the internet was a completely different place. With high profile data breaches becoming front-page news, it was time for updated legislation.

How the GDPR Affects the Internet of Things

Most smart home devices operate on a local Wi-Fi connection or using Bluetooth and infrared remotes (IR). At first glance, none of these things appear to fall foul of the new legislation. But problems arise when manufacturers use their own infrastructure to control devices.

An example of this is the Philips Hue Range. As one of the first smart lighting kits to hit the market, the Hue was an early success in mainstream smart home accessories. One popular feature is the ability to control your lights from anywhere using the Philips Hue App. Philips adapted to the GDPR by requiring users to re-login to their service.

Of the many smart lighting solutions out there, so far only one of them has been hit hard by the GDPR.

Yeelights: Service Unavailable in Europe

Yeelights, manufactured by the ever dominant Android phone and tablet manufacturer Xiaomi, offers a range with similar functionality to the Hue home set, and comes with a companion app to control their lights. The day the new legislation came in, users of the service opened the app to find this message:

The fairly curt message greeted all EU users of the app. Some reported being shown an updated privacy policy, only to still get the same message after accepting it. Yeelight responded to the unannounced shutdown through a forum post titled “European server service will be restored within a week”.

Later in the same thread, a Yeelights employee coasterli shed more light on the situation:

“Actually, we have been working on GDPR compliance for months. But unfortunately, we found a potential risk that might not fully compliant [sic] with GDPR requirement in the last minute.”

There has been no official announcement as to whether European customers can use the app again as yet, but if you have been affected, there is a workaround. In a Reddit thread, user njitramlieu discovered a way to side-step the issue:

What made this issue worse than it could have been was an apparent lack of communication from Yeelights until after the problem had affected their European customers.

So far this appears to be the only smart home system affected to this scale, though among the other websites affected by GDPR there is one that may indirectly affect your setup.

Instapaper: Questionable Data Collection

Instapaper allows users to clip articles to read later on a device of their choice. The service was acquired by Pinterest, who made its premium service free to all users in 2016.

At the time of writing, the Instapaper homepage redirects to a statement about GDPR:

As @smithsam (the Twitter user who shared the image) states, this does prompt some questions as to what a service like Instapaper is doing with its users’ information. Given the two year window to prepare for GDPR, it seems unlikely the dev team was taken by surprise.

This only affects smart home users if you have Instapaper as part of your home automation setup—for example, using Google Home to listen to your favorited articles. IFTTT itself is not affected, as outlined by a recent post on their website. Users will be able to choose in each case if they wish to share their data with the parties involved.

GDPR and the Future

So far the answer to whether GDPR will affect your smart home is No—unless you are affected by these two specific cases. Up until now, all other smart home and IoT projects seem to have dealt with the new regulation well.

As for the future? With more and more services using our information as part of the service they provide, and the lucrative industry that is user data, it seems likely there will be more turmoil on the horizon.

Read the full article: How Could the GDPR Affect Smart Home Devices? 2 Examples of Downed Services