Data Protection Academy » Data Protection News » Smart Home Privacy Concerns

Text in the picture: "Smart Home benefits in everyday life are offset by data protection concerns".

Smart Home and privacy

Smart Home: Digitisation of the private everyday life

Digitisation also does not stop at household and everyday objects. The so-called "smart home" applications are equipped with sensors and connected to the Internet. This enables the central control of different systems or devices, for example via smartphone. The simplification of everyday work is countered by data protection concerns. This is because devices like Alexa are repeatedly in the media due to data mishaps.

The advantages of Smart Home

Smart home applications belong to the Internet of Things (IoT) sector and are leading to increasing digitalisation in the private sector. The applications are manifold and enable the operation of blinds, heating or light in a centralized, automated and location-independent manner. Particularly advantageous are the savings potential in the area of energy consumption, but also the convenient access from a distance, for example, if the blinds have to be closed due to sudden hail. In the area of entertainment we already use smart solutions, Alexa plays her favourite song on demand and we can call up the Netflix app via our smart TV to watch series. The advantages are obvious, but how is this topic to be assessed from the perspective of data protection?

Privacy and Smart Home

In particular, the increased circulation of personal data due to the networking of devices via WLAN, Bluetooth or mobile phone networks must be viewed critically. This is because these networks are not always adequately secured. And even if one does not become the victim of a hacking attack, there are numerous possibilities for third parties, such as manufacturers or even craftsmen, to gain more and more insight into sensitive data areas. User profiles can be created from the data of the networked devices and behaviour or habits can be estimated. A sensitive intrusion into privacy and the loss of control over one's own data.

In Europe, the General Data Protection Regulation, how manufacturers and providers may handle personal data. Among other things, providers must observe the following:

  • Data may only be collected with the consent of the data subject.
  • The processing of the data must be for a specific purpose. For example, an e-mail address provided to receive product updates may not be used for advertising.
  • The collection of data must also be earmarked for a specific purpose, e.g. registration for software does not require information on religious affiliation.

Even though the DSGVO regulates many issues in this respect, there are still no specific guidelines or technical standards for smart home applications.

Practical tips

Many users focus on the fun of use and the benefits in terms of time and cost savings, and ignore the intrusions into personal data. Taking necessary protective measures is often not an issue, the Data protection not so important. What points you can consider to check smart home devices, you will find below.

  • Research before purchase: can you make settings in the smart home application of your choice for the use of the collected data?
  • Check which data your device records, often these are listed under "My activities" or "History". Do you find this data useful?
  • At best, do not change the default settings of your devices, especially the passwords set by default, to "12345".
  • Keep the operating system up to date by regularly updating it, security holes are often repaired by this.
  • Disable the Universal Plug and Play (UPnP) feature of your router, this default setting controls how devices on a network communicate with each other.
  • Pay attention to whether your data is collected or processed in encrypted form. The so-called end-to-end encryption is recommended.


Digitization and the Internet of Things have become an integral part of everyday life. Providers outside the European area such as Google or Apple are setting standards with solutions such as Alexa or Siri, which are in line with the GDPR have little to do with it. Smart home solutions will also become more rather than less in the future. That's why it's all the more important to take a close look at the providers before buying smart home solutions. Which functions do I really need, are there alternatives on the market? If a branch or even the headquarters of the provider is located within the EU, the regulations of the GDPR must be observed. Before the device is put into operation, the above-mentioned safety precautions must be taken.

Further links:

Prof. Dr. Andre Döring Data Protection Officer Robin Data GmbH

"When using smart home applications, the advantages should be weighed against the risks. In my opinion, the question that users have to ask themselves is whether the cost or time savings are so great that I risk my personal data being misused in the worst case".

Nadine Porrmann
Latest posts by Nadine Porrmann (see all)

This might interest you too:

Whistleblower Protection Act

The deadline for the Whistleblower Protection Act is 17 December 2021. Current developments, obligations for companies.

Data protection officers report from the field

What are the most common data protection challenges and economic impacts in practice? ✔️Unsere Partners report.

Data protection result of 18 months GDPR

Data protection balance sheet 2019: high implementation costs hinder companies, number of data protection fines rising. Find out more in our GDPR info graphic.