Can a toaster be trusted? Home data security cannot be left solely to the consumer

Consumer Ombudsman Katri Väänänen

A great deal is talked about the smart homes of the future, but even now we are living surrounded by many kinds of digital devices with data communication links. Alongside computers and smartphones, other home products such as refrigerators, toothbrushes and even children’s toys connect to the Internet. These products carry information and communicate not only with the user but also with the other smart products at home. Moreover, they communicate to recipients outside of the home, such as the manufacturer of the device.

Consumers wish to have home technology that is easy to use and inexpensive. Connected products promise ever better comfort of use, efficiency and the possibility of getting more individualised services. Intelligent things can also help the user, for instance by sending alerts or by giving advice through voice control. Among those benefiting from these solutions are old people and people with a sensory handicap.

The most inexpensive products are not necessarily those in which data security has been addressed in the most comprehensive way. Product manufacturers and sellers sometimes have to make difficult choices when balancing between price and quality. On the other hand, households have limited budgets, and consumers carefully consider which quality level is worth paying for and when. Many consumers also have environmental issues on their minds and ponder whether it is always necessary to buy the newest device or whether a recycled device could be a safe choice.

Even if smart devices make everyday life more flexible and fun in many ways, they are associated with many kinds of risks. A toaster may be recruited into a botnet for denial-of-service attacks, or the home monitoring system may transmit visual information from the dwelling to outsiders. Few consumers possess such computer skills that they could tackle these risks independently.

With regard to the safe use of connected products, the way in which the product guides the user is of special importance. Has the manufacturer taken steps to ensure that the consumer will be able to make choices concerning data security when taking the device into use? It is considerably easier to make these choices and define preferences by using a wizard than by studying often difficult to understand operating manuals. Not all digital products show their connectivity to the consumers. Connectivity should be considered such an essential characteristic that the seller should always inform the consumer of it before the purchase decision.

One way in which the consumers’ need for information on the functions of smart products has been addressed in the Consumer Protection Act is by obliging the seller to inform of the interoperability of digital content with the devices and software. Connected products also constantly need updates to ensure proper functioning and information security. In April 2019, EU approved the new consumer law directives, according to which the seller must inform of and provide updates necessary for the safe functioning of the products. It will be interesting to see how the new EU regulation will be transposed into domestic law.

Home data security cannot be left to depend solely on the expertise of consumers. Consumers should be able to trust that high-level and easily implemented data security is as self-evident protection in a smart device as a safety belt in a car. Genuine knowledge of the products that are sold as well as correct and up-to-date information provided to consumers require competence development and collaboration between the sales staff, seller company and manufacturer. All this increases the trust of consumers in smart products and furthers both sales and new innovation.


The text was originally published in Finnish in the Consumer Ombudsman’s blog