As a consequence of developing technologies, electronic devices which people use in their everyday lives are becoming interconnected and collecting and exchanging information about us; this new phenomenon is known as the Internet of Things. Whilst the Internet of Things brings new benefits to society and individuals, they also pose significant risks to our privacy.

 Along with other privacy enforcement authorities from around the world, the Gibraltar Regulatory Authority, as Data Protection Commissioner, will be reviewing the collection and use of personal data by ‘Internet of Things’ devices, with a particular focus on the information given to users in relation to the processing of personal data.

The review, or sweep in data protection terms, began Monday and will be conducted over several weeks. The review will look at devices like smart electricity meters, internet-connected thermostats and watches that monitor health and evaluate how well companies communicate privacy matters to their customers.

29 Data Protection authorities from around the world will contribute to the study, with the combined results published in September 2016. These authorities will also consider action against any devices or services that are found to be breaking data protection laws.

The work is coordinated by the Global Privacy Enforcement Network (“GPEN”), and follows previous reports on online services for children, website privacy policies and mobile phone apps.

The action is being led by the Information Commissioner’s Office in the UK.

Bradley Tosso, the GRA’s Head of information Rights, said This is the third time we participate in a GPEN Sweep, which has become an important platform for International Cooperation between Data Protection authorities globally. International cooperation is important to deal more effectively with issues that are common to us all. 

Authorities from around the world have been working behind the scenes on this project for several months now, so it is exciting to begin the actual sweep and look forward to the analysis of results as well as further work with our GPEN partners. 

We acknowledge that the Internet of Things, like many other new developments, bring many benefits to individuals and society. However, with an increase in the information that is collected and exchanged about individuals comes an increase in the risk to our privacy, and greater need to ensure that appropriate safeguards are in place. Very importantly, individuals need to be kept informed about how their personal information is being used so that they can make informed choices. Organisations that fail to do this may be breaking the law and undermining confidence in these devices. 

It is imperative that users have control over their personal data and are aware of what is being done with it, and by whom.” 

As always, the GRA is at the public’s disposal should anyone wish to discuss matters which affect their privacy, or feel that their data protection rights are not being correctly addressed.

The GRA can be contacted by phone on +350 200 74636 or by email on This email address is being protected from spambots. You need JavaScript enabled to view it.