A Privacy Sweep or international evaluation dedicated to verify the respect of privacy in the Internet of Things was launched the 11 of April 2016. This initiative is coordinated by the Global Privacy Enforcement Network (GPEN), the international network pursuing to strengthen cooperation between the DPAs of different countries around the world, and will examine the data protection documentation and practices related to Internet connect devices.
DPAs are free to choose the categories of products that they will examine, (smart meters, smart watches, internet-connected thermostats…). The French CNIL has declared it wants to focus its investigation that will start in May 2016 in three different categories that could impact privacy in everyday life: Smart Home devices (connected cameras that are able to detect movement or measure the quality of air or smart-fridges that inform about expired products or smart meters), health items (blood pressure or glucose monitors that collect health related data) and wellness related objects (smart watches and bracelets that collect localization data or calculate the number of steps taken daily or the calories consumed). In practice, the CNIL will assess the quality of the delivered information, the security level of the data stream and the degree of user control over the operation of its personal data (consent, the exercise of its rights, deletion of data, etc.). By contrast, the Italian Garante will focus on only one issue: the Smart Home devices. The Irish Data Protection Commissioner, for its part, will review some devices such as smart electricity meters, fitness trackers and telematics. Other topics, like the examination of privacy communications on websites in which devices that relate to smart metering systems are found, will be studied by the Belgian Privacy Commission. Focussing on non-European DPAs, the Office of the Privacy Commissioner of Canada will examine the privacy practices in health devices.