It seems that almost every new product on the market today is “smart”. TVs, toys, speakers lightbulbs, fridges, watches, doorbells, baby monitors. The list goes on.

Whilst these products may offer new features and increased convenience, they also very likely involve the processing of personal information. And so, enter data protection law and the Privacy and Electronic Communications Regulations 2003 (as amended).

Helpfully, the Information Commissioner’s Office (ICO) has published new guidance on how manufacturers, software developers, and others can ensure that their smart products are compliant with the law.

As is typical for publications from the ICO, the guidance is a combination of things that organisations “must”, “should”, and “could” do to comply with the law, as well as numerous practical examples and case studies.

One thing that is clear from the guidance is that the UK GDPR will still apply even if many of these products will be used in the home: whilst the law does not cover processing by a person in the course of purely personal or household activity, the manufacturers’ or suppliers’ use of the personal information that is collected will fall within the scope of the law.

The guidance is full of advice about how to, for example, plan, research and design an Internet of Things product, how to manage risk, and what is required by organisations after a product is launched. It also provides examples of design choices that organisations can employ to ensure that users fully give their consent to the processing of their information, and that personal information is processed fairly and transparently.

To read the guidance in full, click here.