Eavesdropping: The Privacy Myth
The pervasiveness of the Internet of Things has spawned a recent fear that the devices are listening to the conversations of their users. For instance, the My Friend Cayla doll talks to children and answers their questions by connecting to the internet and using a combination of voice recognition software and Google searches to provide these responses. She has the potential to record children’s conversations and also uses an unsecured Bluetooth device hidden inside her to connect to the internet via an application on a nearby mobile phone.
Similarly, The “OK Google” function is another example that has this potential. Users have been warned that once the functionality has been switched on, personal conversations may be recorded. Certain models of smart TVs also come with an explicit warning to users that their living room conversations may be recorded.
Of late, “eavesdropping” devices have come under the spotlight due to their seeming invasion into our privacy. The truth is that this is a misnomer. Most tech companies are recording and processing personal information lawfully, because we consented to this in order to use their products.
There are exceptions, of course. The most recent example is the FaceTime hack. Only recently did Apple release the software fix to a bug that reportedly allowed hackers to access and listen to conversations on Group FaceTime. Apple said in a statement that; “the software update fixes the security bug in Group FaceTime. We again apologise to our customers and we thank them for their patience”. In another example, a consumer watchdog in the United States has reportedly laid complaints alleging that the My Friend Cayla doll has been recording conversations had with children, which can be forwarded, without the consent of parents. German authorities have reportedly gone so far as to ban the toy, citing security concerns after it was shown that the doll was capable of being hacked.
While section 14 of South Africa’s Constitution entrenches the right to privacy, and various statutory requirements have been put in place to ensure the protection of this right, we continue to voluntarily waive our right to privacy. If your immediate response was, “no, I do not”, then ask yourself the following questions:
Despite our blind acceptance of terms and conditions, there is legislation that attempts to secure our privacy a little more. The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 prohibits the interception of communications, unless a person who is a party to the conversation has given consent in writing to such interception, or the conversation is intercepted under an interception directive (with some exceptions). The Protection of Personal Information Act, 2013 also lays down broad requirements for how personal information may be collected (for example; with consent).
In terms of current South African legislation, the My Friend Cayla doll would be unlawful if it failed to obtain consent from a parent to record and store conversations of minors. However, when installing the application (with which the doll works), it requires the user (parent) to grant the following permissions on his or her mobile device to:
These permissions make it completely lawful for the doll to record audio and store it. It even allows her access to your WiFi network; and she never sleeps.
Similarly, the users of technology such as smart TVs and OK Google appear to have their data processed lawfully. The lawfulness stems from the consent that is directly obtained from such users through their acceptance of terms and conditions.
ENSafrica’s TMT team has extensive experience in smart technologies and the Internet of Things. We can assist you to draft appropriate privacy and other notices and terms.
Jessica Steele is a candidate attorney in ENSafrica's TMT department.
technology, media and telecommunications director [email protected] cell: +27 82 926 8751
- New EU Directive on Cross-Border Online Distribution of Television and Radio Programmes
- IT Outsourcing by Banks and Insurers Facilitated by Revised Regulations
- Reading the Tea Leaves for 2020
- Federal Council Considers Introduction of Cyber Incident Reporting Duty
WSG Member: Please login to add your comment.