Some of the most popular household appliances and gadgets are siphoning vast amounts of your data, a new study from Which? has sensationally claimed. The consumer watchdog tested and rated a range of popular smart devices, scoring them based on what data they wanted to gather on their owners.
Many of these requests for personal information goes well beyond what’s necessary for the badsic functionality of a product, researchers at Which? found.
In some cases, data gathered by these popular products — like current location, audio recordings, and information on other apps stored on your smartphone — was beamed to third parties for marketing purposes.
Which? researchers meticulously studied three examples from some of the most popular categories of household gadgets, including speakers, Smart TVs, and air fryers — rating each of them based on their data collection practices
WHICH? PRESS OFFICE
Of the gadgets checked in the study, Which? found Smart TVs, speakers, air fryers, and smartwatches making “excessive” demands for personal data. The consumer champion said its study showed that some consumer technology companies were collecting data with “reckless abandon” and called for stricter guidelines to be put in place around smart product devices and data collection.
The UK’s data protection watchdog — the Information Commissioner’s Office (ICO) — has already announced plans to publish guidance on personal data collection next year.
The Mi Smart air fryer from Xiaomi was one of the models checked by the researchers at Which?
XIAOMI PRESS OFFICE
According to the report from Which?, all three air fryer products tested wanted to know the owners’ precise location and wanted permission to record audio on a user’s phone …for no specified reason. Which? said one of the air fryers – made by Chinese brand Xiaomi – used a connected app which linked to trackers from Facebook, an ad network linked to TikTok and, depending on location, Chinese tech giant Tencent.
Wipe your phone number, location data, political affiliation, and more from thousands of data brokers
Incogni is a clever solution from the team behind Surfshark VPN that promises to wipe any trace of your personal information from data brokers worldwide. These companies harvest data on hundreds of millions of people. Some leading brands boast that they hold up to 1,500 data points on everyone in their database. Everything siphoned by data brokers is publicly available or purchased from other companies, like credit card providers, which anonymise some data. It can details like ethnicity, religion, marital status, hobbies, television shows you’re watching, online purchases you’ve made, address and phone number, and more.
$11.98
$5.99
This air fryer, and another from fellow Chinese firm Aigostar, also sent personal data to servers in China, Which? said, although this was flagged in a privacy notice.
In addition, Which? said one of the smartwatches that it tested — the Huawei Ultimate model — demanded a range of phone permissions the study classified as “risky”, including precise location, the ability to record audio, access to stored files and the ability to see all other installed apps. Which? said it was told by Huawei that these permissions were a justified need and that no user data was used for marketing or advertising purposes.
Elsewhere, Which? said it found similar issues in the Smart TVs it tested for the study, including those built by Hisense, LG, and Samsung. Earlier this year, the latter continued its reign as the biggest manufacturer of Smart TVs worldwide for 18 consecutive years.
Smart TVs from all three of these brands requested a postcode during the set-up process, and while the Hisense did not connect to any trackers that researchers from Which? could detect, models from Samsung and LG did. According to the study, information was shared with trackers developed by Facebook and Google.
It said the Samsung TV app also made a number of “risky” phone permission requests.
In its test of smart speakers, Which? highlighted the Bose Home Portable speaker as being “stuffed” with trackers, including Facebook, Google and digital marketing firm Urbanairship.
Discussing the findings, Which? magazine editor, Harry Rose said: “Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon, and this is often done with little or no transparency.
“Which? has been calling for proper guidelines outlining what is expected of smart product manufacturers and the ICO has confirmed a code is being introduced in spring 2025 – this must be backed by effective enforcement, including against companies that operate abroad.”
Which? has also encouraged consumers to improve their data privacy by taking care to opt out of data collection requests they are not comfortable with, to check permission requests on apps before downloading them and deny or limit app data access via their phone settings, and delete voice recordings of interactions with voice-based assistants.
ICO Principal Policy Advisor, Slavka Bielikova said: “The results from Which?’s testing of smart products show that many products not only fail to meet our expectations for data protection but also consumer expectations. Smart products know a lot about us – who we live with, what music we like, what medication we are taking and much more.
“That’s why it’s vital that consumers trust smart product manufacturers to use their information safely and in the ways they expect. Earlier this year, we asked consumers how they feel about smart products. They told us that their products collect too much information about them and that they feel powerless to control how their information is used and shared.
“That’s why the ICO is working on new guidance for manufacturers of smart products which will be published in spring 2025. The guidance will outline clear expectations for what they need to do to comply with data protection laws and, in turn, protect people using smart products.
“Our guidance will allow manufacturers to plan and invest in the use of information responsibly. We want to help organisations get it right, however where they don’t we will be ready to act to ensure consumers are protected from harm.”
In response to the Which? research, Samsung said: “At Samsung, the security and privacy of our customers’ data is of the utmost importance. And we employ industry-standard security safeguards and practices to ensure that the data are secured.
“Customers are also given the option to view, download or delete any personal data through their Samsung accounts. Customers can find more information about our privacy policies at samsung.com/uk/info/privacy.”
Hisense said: “Hisense UK values its relationships with its customers and respects their data privacy rights. We are compliant with all UK data privacy laws and only capture the postcodes of our customers to enable them to receive regional specific content, enhancing their user experience. If users are concerned, then many of our TVs will accept a partial postcode.”
Huawei said: “Huawei takes consumers’ privacy incredibly seriously. Clearly, to be useful lifestyle and health/fitness partners, smartwatches require permissions to access a number of personal data; we are very clear both on the devices at set-up, and on the companion app Huawei Health, which permissions are required and why, and users have full control over turning them on or off at any time.”
LATEST DEVELOPMENTS
- Use Windows 10? New cost for PC users finally confirmed by Microsoft
- Millions of Sky TV viewers unlock pulse-racing new upgrade
- Apple reboots Mac mini with a BIG redesign and £50 price cut
- Best VPN deals
Which? said it was told by Xiaomi that “respecting user privacy has always been among Xiaomi’s core values, which includes transparency, accountability, user control, security, and legal compliance” and “we do not sell any personal information to third parties”.
“The permission to record audio on Xiaomi Home app is not applicable to Xiaomi Smart Air Fryer which does not operate directly through voice commands and video chat,” the company added.
Which? said LG declined to comment, while Aigostar and Bose did not respond.
Additional Reporting By Martyn Landi, PA Technology Correspondent