A new study by Which? has warned that smart devices are gathering “excessive” amounts of consumer data.
The organisation analysed products including air fryers, smart TVs and speakers, finding that data collection went “well beyond” what is necessary for the functionality of the product.
The consumer champion said that this data could be collected from consumers often with little transparency about what it will be used for. It called on companies making these products to prioritise the privacy of customers over profit.
The Information Commissioner’s Office (ICO) is due to publish new guidance for smart product manufacturers in spring 2025, with Which? calling on the department to ensure it includes clear advice on how consumers’ data can be used and the transparency required of businesses.
Air fryers
In the air fryer category, Which? found that as well as wanting to know a customer’s precise location, all three products tested wanted permission to record audio on the user’s phone for no specified reason.
The Xiaomi app linked to its air fryer connected to trackers from Facebook, Pangle – the ad network of TikTok for Business – and Chinese tech giant Tencent.
An air fryer from Aigostar wanted to know gender and date of birth when setting up an owner account.
The Aigostar and Xiaomi air fryers both sent people’s personal data to servers in China, although Which? said this was flagged in the privacy notice.
Aigostar did not respond to a request from Which? for comment while Xiaomi told Which? that “respecting user privacy has always been among Xiaomi’s core values, which includes transparency, accountability, user control, security, and legal compliance.”
The company added that it adheres to all UK data protection laws and said it does not sell any personal information to third parties.
It went on to say that certain functions are only active in select global markets, such as Tencent services only used in China.
“The permission to record audio on Xiaomi Home app is not applicable to Xiaomi Smart Air Fryer which does not operate directly through voice commands and video chat,” it added.
Smart watches
Which? also tested the Huawei Ultimate smartwatch and found it requested nine “risky” phone permissions which was the most of all devices tested. Which? defines “risky” as giving invasive access to parts of someone’s phone. These included precise location, the ability to record audio, access to stored files or an ability to see all other apps installed.
Responding to Which?’s request for comment, Huawei said that all permissions had a justified need. It added that no user data is used for marketing or advertising purposes.
The company said: “Huawei takes consumers’ privacy incredibly seriously. Clearly, to be useful lifestyle and health/fitness partners, smartwatches require permissions to access a number of personal data; we are very clear both on the devices at set-up, and on the companion app Huawei Health, which permissions are required and why, and users have full control over turning them on or off at any time.”
“Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon, and this is often done with little or no transparency,” said Harry Rose, Which? magazine editor. “Which? has been calling for proper guidelines outlining what is expected of smart product manufacturers and the ICO has confirmed a code is being introduced in spring 2025 – this must be backed by effective enforcement, including against companies that operate abroad.”
/cdn.vox-cdn.com/uploads/chorus_asset/file/25716404/aa_112024_az_drone_delivery_standard_hero_v1_600kb_2000x1125.jpg "Amazon starts drone deliveries in Arizona")
/cdn.vox-cdn.com/uploads/chorus_asset/file/25716465/NM_illu02.jpg "Nintendo’s music app has great ideas and frustrating limitations")
