UK ICO Publishes Draft Guidance on Internet of Things Products and Services
Monday, June 16, 2025
Print Mail Download info_icon_img/>i

On June 16, 2025, the UK Information Commissioner’s Office (the “ICO”) published its draft guidance on Internet of Things (“IOT”) products and services (the “Guidance”). Through the Guidance, the ICO aims to provide clarity to manufacturers and developers of smart products, such as smart speakers and Wi-Fi fridges, to ensure they create products that comply with data protection law. The Guidance covers key areas such as:

  • Types of Information: The Guidance explains the different types of personal data which may be processed by IoT products and services, including health, biometric and location data, and how such data may be used and collected.
  • Accountability: The ICO considers areas of accountability in the context of IoT products and services, such as the controller and processor relationship, privacy by design, and the use of IoT products and services by children.
  • Lawful Processing: The Guidance considers the application of the lawful bases and the special category conditions of processing under the UK General Data Protection Regulation (the “UK GDPR”) to of IoT products and services, and gives examples of how manufacturers and developers can seek to ensure that freely given, specific, informed and unambiguous consent is obtained by consumers.
  • Fair Processing: The ICO encourages manufacturers and developers to consider how personal data is processed, focusing on key issues such as necessity, proportionality and purpose limitation.
  • Transparency: The Guidance includes examples for manufacturers and developers on how to inform consumers of how they collect, use and share personal data.
  • Security: The Guidance stresses the importance of implementing and maintaining appropriate technical and organizational measures, providing examples of such including encryption and multi-factor authentication.
  • Data Subject Rights: The ICO reminds manufacturers and developers of their responsibility to inform consumers of their data subject rights under the UK GDPR.

The ICO’s intention behind the Guidance is to empower organizations to consider responsible use of information and compliance with data protection laws. However, the ICO has warned manufacturers and developers that it is “closely monitoring compliance” and will be “ready to act” where it believes “corners are being cut or personal information is being collected recklessly.”

The ICO has asked for manufacturers, developers and the wider tech industry to share their views on the draft Guidance, which will be open for consultation until September 7, 2025.

Copyright © 2025, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Public Notices

Post Your Public Notice Today!

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: HM LAND ACQUISITION, LLC AND M&H INVESTMENT GROUP, LLC
Published: 16 June, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Meyer Burger (Americas) LTD
Published: 16 June, 2025
PUBLIC NOTICE OF DISPOSITION OF COLLATERAL: Bellway, Inc.
Published: 11 June, 2025
PUBLIC NOTICE OF UCC SALE: CleanBay Renewables, INC. and Its Several Subsidiaries
Published: 11 June, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Loan Originations LLC
Published: 9 June, 2025
PUBLIC NOTICE OF ASSIGNEE SALE: Starved Rock Wood Products LLC
Published: 9 June, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: GL PART SPV I, LLC
Published: 6 June, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Phenix Real Time Solutions, Inc
Published: 6 June, 2025
PUBLIC NOTICE OF ASSIGNEE SALE: Kojin Therapeutics
Published: 3 June, 2025
PUBLIC NOTICE OF 363 SALE: WaterIQ
Published: 29 May, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: CCP Mezzanine Nashville I, LLC
Published: 28 May, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: TrueNorth Projects, LLC
Published: 22 May, 2025
PUBLIC NOTICE OF DISPOSITON OF COLLATERAL: Barber Directory, Inc
Published: 19 May, 2025
PUBLIC NOTICE OF 363 SALE: Elmer Buchta Trucking
Published: 31 March, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: PHILLIPS AMSTERDAM II LLC
Published: 31 March, 2025
Discover more public notices

Current Legal Analysis

More from Hunton Andrews Kurth

Higher Education Institutions and Sanctuary City Considerations
by: Adam J. Rosser , Gerard T. “Gerry” Leone, Jr.
Rules Proposed Under New Jersey Data Privacy Act
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
UK Data (Use and Access) Bill to Become Law
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
House Unveils CLARITY Act
by: Scott H. Kimpel
Texas Legislature Passes More Legislation Affecting Texas Entities
by: Daryl B. Robertson , Joanna D. Enns
IFC’s Responsible Exit Principles
by: James Comyn , James Head
Long-Awaited Proposal to Give Texas Primacy for Class VI Injection Wells Signed by EPA Administrator
by: Shannon S. Broome , Samuel L. Brown
Investment Advisers to Launch AML Programs January 1, 2026
by: Rafia Ali , John J. Delionado
Navigating Change: The Impact of the UK’s Data (Use and Access) Bill on Businesses
by: Sarah Pearce
New Travel Restrictions: Critical Information for Affected Nationals, Their Families & Employers
by: Sanjee Weliwitigoda
SCOTUS Unanimously Holds One Standard for Discrimination Cases Under Title VII
by: Juan C. Enjamio , Meredith Gregston
FAR 2.0 Rollout Begins
by: Eric S. Crusius
EDPB Finalizes Guidelines on Data Transfers to Third Country Authorities and Training Materials on AI and Data Protection
by: Hunton Andrews Kurth’s Privacy and Cybersecurity

Upcoming Events

 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters.

 

Sign Up for any (or all) of our 25+ Newsletters