Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to
Just $1.99per week for the first 24weeks
Just $1.99per week for the first 24weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

Pebble Time smartwatches are seen in this file photo.

Canada's federal privacy watchdog is participating in a global initiative that's raising red flags about connected devices – everything from "smart" TVs to fitness-tracking wristbands and Internet-connected toys – and their failure to provide users with control over the personal information those gadgets collect.

The Office of the Privacy Commissioner of Canada (OPC) took part in the global "privacy sweep" in April, and is now releasing the results. The sweep involved 25 privacy authorities . It looked at 314 connected devices – often collectively referred to as the "Internet of Things" – and how they communicate their privacy practices. Canada's focus was on 21 health and wellness devices that are popular among Canadians, including fitness trackers, smart watches, smart scales and blood pressure monitors.

They found that connected devices "fail to inform users about exactly what personal information is being collected and how it will be used" – including sensitive data such as health and financial information.

Story continues below advertisement

The OPC says that the concept of "the body as information" is a major focus, as health, genetic and biometric information is being tracked more than ever. During the sweep, staff used connected products and analyzed what information those devices asked for – and what privacy collection and protection information they provided to users. Nearly half of Canadian "sweepers" – OPC staff who tested the devices – and more than three-quarters of international sweepers were unable to find basic instructions on how to delete their data once they had begun using the devices.

The Global Privacy Enforcement Network, now in its fourth year, is a joint effort among privacy organizations in many countries, including the United States, Britain , members of the European Union and China, and has conducted such privacy sweeps before. By acting in tandem, the group is attempting to add global heft to major privacy concerns.

Last year, for example, the network conducted another sweep that showed how websites and mobile applications targeted to kids often do not do enough to protect children's privacy.

Among the devices that the OPC analyzed in this sweep, it highlighted concerns about a blood pressure monitor and a thermometer that both asked to track users' locations, without giving adequate explanations about why that was necessary for the device's purposes.

Another concern was the Jawbone UP3, which tracks a user's activity, sleep and heart rate. The OPC noted that the device provided an easy online form to request that the company delete all personal information on its servers, including data shared with partners. But the "sweeper" found his account was still active, with personal information intact, two months later .

Both the Fitbit and Garmin Vivosmart HR fitness trackers were highlighted by the OPC for being too vague in their privacy policies about safeguards they put in place to protect users' data.

In another case, the iMazeFitness heart rate strap had a placeholder on its personal information page that said "[Insert customer data privacy clause here if applicable.]"

Story continues below advertisement

"Many of the privacy communications were generic or vague, or had privacy policies that weren't specific to the devices being evaluated," said Brent Homan, the OPC's director-general of PIPEDA investigations. (PIPEDA stands for the Personal Information Protection and Electronic Documents Act, which is the law in Canada concerning privacy and personal data.)

"Providing information about what is being collected at key points – such as registration or purchase – is a best practice … rather than having it buried in privacy policies," Mr. Homan said.

Not only should devices make clear what types of data are being collected and shared, Mr. Homan said, they should make it easier for users to exercise control over that information. Further, where information gathering is not essential to the device's purposes, user consent should be explicit – and the default setting should be not to gather that information, he said.

On the positive side, the OPC noted that many companies did give detailed explanations of how information would be shared with third parties such as advertisers.

"With the proliferation of the Internet of Things, the activities, movements, behaviours and preferences of individuals are being measured, recorded and analyzed on an increasingly regular basis," Privacy Commissioner Daniel Therrien said in a statement. "As this technology expands, it is imperative that companies do a better job of explaining their personal information handling practices."

What is the 'Internet of Things'?

Story continues below advertisement

It's a term that covers an extremely wide range of Internet-connected devices that use technology to increase their functionality.

These include self-driving cars; TVs that can stream content from the Internet and may include voice and gesture recognition; sleep trackers; home security systems; location-tracking devices to help people find their keys or other lost objects; and smart thermostats that monitor and adjust energy use in homes, among other devices.

Cisco Systems has forecast that there will be 50 billion such connected devices worldwide by 2020. Research firm IDC has predicted the global market for the Internet of Things will grow from $655.8-billion (U.S.) in 2014 to $1.7-trillion by 2020.

Often, the information that such devices can gather is exceptionally valuable for marketers. Personal devices may give third parties information about the users to help companies better target advertising to them. Others are for commercial use, such as devices that pick up WiFi signals from mobile devices and use those signals to track customers' visits to a store. Beacons can use mobile devices' Bluetooth signals for similar purposes.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies