The European Audiovisual Observatory has published new IRIS Special legal report called Is my smart TV working for Big Brother?
Samsung have warned owners of their smart TVs that the system’s voice recognition could actually be recording and sharing their private conversations. This “bad buzz” comes at a time when Brussels is in the process of adopting new legislation – the General Data Protection Regulation (GDPR) – aimed at protecting us from abuse and misuse of our private data and consumer behaviour big data collected by smart equipment such as television sets. The European Audiovisual Observatory, part of the Council of Europe in Strasbourg, is keeping track of these developments and has just published a brand new IRIS Special report – Smart TV and data protection.
This is a joint publication by the Strasbourg-based Observatory and partner institution, the Dutch Institute for Information Law (IViR in Amsterdam). It inspired an expert workshop organised in Strasbourg last December, which looked at “the grey areas between media regulation and data protection”.
The report kicks off with a very necessary definition of what one means by Smart TVs and what this equipment actually does. The key to understanding the difference between ‘smart’ and ‘non-smart’ lies in the connection of smart sets to the internet, on the one hand, and their capacity, on the other, to collect behavioural consumer data via functionalities such as voice, motion control and facial recognition. Further data can be gathered if viewers choose to create a user account. Chapter I also offers up to date figures on Smart TV shipments which are due to hit an estimated 140 million worldwide in 2016, as opposed to 60 million in 2011.
Chapter II looks at current media legislation related to Smart TVs. The authors explain that the regulation of Smart TV actually touches no less than five different areas of media legislation: audiovisual media services, electronic communications, data protection, consumer protection, and human rights law. The chapter analyses each current piece of legislation covering these fields before concluding that the pending GDPR represents a complement to the structures already in place. It will, for example, cover situations where equipment manufacturers, platform providers, or indeed online content and service providers are based outside the EU. It will also force service providers to allow us to refuse the processing of our personal data for secondary purposes.
The report moves on to chapter III which presents various national case studies from Germany, the Netherlands, and the US. The German example shows how various guidelines can evolve from genuine consumer concerns. Germany actually issued a joint guidance document in September of last year which emanated from the different data protection authorities responsible for the private and public sectors. It stipulates, for example, that users must be reliably informed about the collection and use of their personal data; that “privacy by default” settings be respected and that all equipment and services offered protect against data traffic and unauthorised access by third parties. The two Dutch examples illustrate very well the data protection and privacy issues involved, looking at data processing by a company offering Smart TV services through Philips equipment and also a cable TV operator providing audiovisual media to its subscribers.
The final Chapter IV outlines, in the light of the legal challenges in this field which have been outlined in this report, on what safeguards the forthcoming legislation – the General Data Protection Regulation – might propose. It is in the area of data processing that the GDPR aims at providing solid safeguards, making sure that the user has given clear consent for processing to take place and that processing of the data is indeed unavoidable for the providing of media services required. Interestingly, the ‘right to be forgotten’ also makes its way into the text for the first time, in order that the users may indeed demand the erasure of all personal data related to them. This also applies to viewing history. The GDPR does provide for data transfer between countries but only insofar as the country of destination offers appropriate safeguards.
In its closing analysis, this report concludes that utopian “one size fits all” legislation will never cover all the regulatory challenges posed by Smart TVs and the services they are able to offer. Instead, the authors feel that “media, privacy and consumer authorities need to work together and coordinate their actions.”