IoT (Internet of Things) devices (smart watches, home devices, automobiles) are constantly collecting data. Privacy issues are critical.
Common IoT Devices
- Smart watch (Apple Watch, Samsung Galaxy)
- Smart speaker (Alexa, Google Home)
- Smart camera (doorbell)
- Smart refrigerator, air conditioner
- Smart car
- Healthcare devices (CGM, blood pressure)
Collected Data
- Location (GPS)
- Health data (heartbeat, sleep)
- Audio recordings
- Image recordings
- Usage habits
- In-home conversations
KVKK Compliance
- IoT manufacturer data controller
- Lighting must be done
- Explicit consent must be obtained
- Transfer abroad is mostly available (AWS, Google Cloud)
Risks
- Hacker attacks (device hijacking)
- Data breach (leak)
- Monitoring (ex-lover, spouse)
- Government monitoring
- Insurance premium (health) data)
Consumer Rights
- Seeing the data
- Request for deletion
- Rejection for use for marketing purposes
- Rejection of transfer abroad (limited)
KVKK Board Decision
KVKK Board considers it a violation when IoT device manufacturers do not comply with the "data minimization" principle, especially constantly draws attention to devices that record audio/video.
Practical Recommendations
- Read the KVKK information text when you buy a device
- Turn off unnecessary data sharing (device settings)
- Regular software updates
- Strong password + 2FA
- Do not use IoT devices in sensitive areas (bedroom)
KVKK and technology law lawyer recommended.