Ring video doorbell : GDPR and Privacy – what homeowners need to know
Ring video doorbell :
GDPR and Privacy – what homeowners need to know
A recent case in the Oxford County Court highlighted the perils for homeowners of operating a Ring product to protect their properties. Ring products, such as smart doorbells and security cameras, are becoming ever more prevalent. Perhaps a bigger takeaway is that the homeowner who installed the cameras was found to be a “data controller” under the definitions of the GDPR by virtue of recording the neighbour, and thus subject to the substantial fines the privacy law provides for.
They have advanced motion and audio detection, including live voice and siren response capabilities. Ring’s recent acquisition by Amazon has also pushed down the price of these ‘Sherlock Holmes’ style devices, making them affordable to the average household.
What are Ring Doorbells?
Developed by Ring LLC, a home security technology company owned by Amazon, Ring Doorbells are wifi-enabled smart doorbells intended to deliver an added layer of safety to home owners – with a camera installed on the doorbell to let owners screen visitors.
The devices have built-in motion detection and can be connected to existing doorbells through wiring or attached to doors as stand-alone video doorbell devices, with two-way talk letting home owners speak to those on their doorstep.
Such smart doorbell devices are popular in countries worldwide.
What your Ring doorbell track?
Ring is, first and foremost, a surveillance tool. It’s marketed as helping you surveil your surroundings, but don’t forget that it’s keeping track of you and your family as well. Ring — and Amazon, its parent company — knows your name, email, postal address, and phone number. It also knows the geolocation of your phone, information about your Wi-Fi network and signal strength, and your product’s model, serial number, and software version. If you use Facebook or another third-party login, it also can “obtain information” from that third party.
And of course, if you go to their website, it also tracks with cookies, web server logs, web beacons, “and other technologies.” According to their Privacy Policy, any information gathered on their sites or social media may be used for advertising.
Finally, Ring videos and photos are stored on Amazon’s servers for up to 60 days.
What does ring do with my data?
Ring uses your data to provide the services you’ve paid for — in other words, a video doorbell — and while they don’t “sell” your data, they do say in their Privacy Policy that they might “share” it with “service providers who perform services” for them — including marketing. In other words, your data is likely shared with data aggregators in order to serve you ads. Additionally, we all know that Amazon loves to get their hands on as much information about customers as possible, which means Ring data goes into that big aggregated pool Amazon has on you.
Ring already overtly collects a lot of information, but there are things they could figure out based on the content of your videos and photos. Things like: when you’re home, how many packages you get, information about your neighbourhood and neighbours, and so on.
And while there’s no evidence so far that Amazon is viewing those videos and photos, they do have access to them and could theoretically watch them. (In fact, Amazon let workers in the Ukraine annotate Ring videos without consent.) They also have demonstrated that they’re more than willing to comply with police: they reportedly complied with 57 percent of requests from law enforcement in 2020 and 68 percent in 2019, after Ring owners refused to give over footage themselves.
There are also reports that Amazon is testing out facial recognition technology on their Ring cameras, which opens up a whole other can of scary privacy concerns, especially when you take Amazon’s police partnerships into account. One only has to look to the use of facial recognition by law enforcement in the UK to see how quickly that situation can be used to oppress citizens.
And then there’s the issue of security. While Amazon is pretty good on that front, users generally aren’t. Anything from an unsecured network to a weak or stolen Wi-Fi password could let malicious actors gain access to the very sensitive information on your Ring. So if you do choose to get on, make sure it’s protected by following strong password best practices and updating regularly.
How to Protect Your Doorbell From Hackers
Good security hygiene can keep your Ring doorbell safe from hackers. Here are some tips to keep your Ring doorbell safe and secure from outside attacks.
Update Passwords
Though a seemingly simple practice, most people rarely update their passwords. What’s worse, they may use the same passwords for all their accounts.
Since most hackers use credential stuffing to hack passwords and account information, to say passwords should be updated regularly would be an understatement.
It is essential to switch passwords regularly and use separate ones for all accounts. This way, even if your Ring gets hacked, at least the problem is isolated.
You can also opt for secure password-generating services to ensure your passwords are always up to date and secure.
Enable Two-Step Verification
Two-step verification adds an extra layer of authentication to ensure your account information is not shared in the event that your password is compromised.
Ring does come with a two-step verification feature—that most users are not aware of as it is not enabled by default. This feature can be enabled directly from the Ring app.
Once enabled, every time you log into your Ring account, a one-time password will be sent to your associated email address. You will then be prompted to enter the six-digit key to log in successfully. Keep in mind that the code must be entered within 10 minutes, after which it will expire (requiring you to request a new one).
Add a Shared User
Do you want your friends and family to access your Ring in case of emergencies? As a rule of thumb, you should refrain from sharing login information with anyone.
Fortunately, the Ring app and Video Doorbell come with a flexible feature for adding a “Shared User” to your account. This way you can still provide Ring access to others while keeping your account information secure.
Monitor and Delete Old Footage
It’s always best to delete your old video footage from your Ring app. With more footage available, potential hackers would have more information to access and pose a security risk.
Also, if you see any footage that seems unfamiliar, it’s a good indication that your Ring has been compromised.
Do Not Share Footage
Along with deleting old footage, you should also refrain from sharing your Ring Video Doorbell footage with anyone. This includes any social media platform and even Amazon Sidewalk.
Even highly secure platforms can increase the likelihood of a security breach on your devices, so it’s important to keep your sensitive data safe as well as private.
Invest in an Antivirus Solution
Having a robust and reliable antivirus or firewall solution to protect your Ring device from unauthorized intrusions is a must, even if you are taking all other precautions.
You should also keep your device updated with the latest software to take advantage of new security updates and patches as Amazon is continuously updating their devices.
Are you breaking privacy laws by having a Ring doorbell installed?
Under Article 8 of the Human Rights Act 1998, respect for your private and family life is a legal right. This includes intrusion into your home life. These rights have been cemented in case law and the legal test is: do you have a ‘reasonable expectation’ of privacy? If so, then such privacy is protected at law. This would normally apply to someone’s home.
Under the Data Protection Act 2018, someone recording you while you are in the bounds of your property would ordinarily be a ‘controller’ of your ‘personal data’. They would then have a duty under this Act to ‘process’ (i.e. ‘use’) such data in a ‘fair and transparent’ manner. So if someone was recording you on your land without your permission or consent, then it could be argued that they have not processed your personal data in a fair or transparent manner. The ICO guidance on CCTV suggests that filming within the confines of your own home and garden falls outside of the legislation and is ok, but it is not always possible to adjust the camera on most video doorbells to avoid recording the pavement, your neighbours or other passers-by.
So if you have a Ring product (or similar device), how do you avoid infringing your neighbour’s privacy and data rights? The following tips are recommended:
- Adjust the motion and audio ‘zones’ on your Ring device to ensure they do not include your neighbour’s property
- Attach a Ring ‘warning sticker’ (which come included with every Ring device) to your front/back door to make people aware that they are being recorded if they enter your land. Ideally, the sticker or sign should tell people that recording is taking place, and why and give your contact details.
- Before you install your device, speak to your neighbour and assure them that the device will not record them or their property and that you will adjust the device zones accordingly. Tell your neighbour that if they have any concerns or questions, they should contact you in the first instance.
- Follow the conversation up with an email to confirm what was said, so you have a paper trial.
- If your neighbour continues to complain, keep a written note of all conversations (and copies of any emails and texts) and take legal advice as soon as you are able.
- Ensure you don’t capture more footage than you need to achieve your purpose in using the device, which will normally be to deter criminals or divert parcels, rather than snooping on your neighbours.
- Regularly review your device zones and settings to ensure that it does not encroach on your neighbour’s property. Keep a record of such reviews.
- Ensure the security of the footage you capture – in other words, make sure the camera is properly secured and nobody can watch its footage without good reason. Many video doorbells will archive footage to the cloud. You should not use it or share it with others.
- Only keep the footage for as long as you need it – delete it regularly, and when it is no longer needed.
- Ensure the product is only operated in ways you intend and can’t be misused for other reasons. Anyone you share your property with, such as family members who could use the equipment, need to understand the importance of not misusing it.
0 Comments
SCCs – International Transfers
by Ganesh Uttam | Nov 9, 2021 | Blog
What is the new SCC? Organizations subject to the EU GDPR are subject to Article 45 EU-DSGVO (with the exception of Article 45 EU-DSGVO (that is, unless they provide an "appropriate guarantee" within the meaning of Article 46 EU-DSGVO (with the exception)....
GDPR and how SaaS (Software as a service) businesses can become compliant with the GDPR
by Ganesh Uttam | Oct 28, 2021 | Blog
GDPR and how SaaS (Software as a service) businesses can become compliant with the GDPR On May 25, 2018, the European Union introduced the General Data Protection Regulation (GDPR) to ensure maximum data protection privileges for people across the European Union....
Data in Sports
by Ganesh Uttam | Oct 27, 2021 | Blog
Data in sports Data analytics in sports was first popularized by the efforts of Billy Beane during his reign as General manager of the Oaklands Athletics baseball team (also portrayed in the commercial film Moneyball). However, it’s a common practice now for...
CHALLENGES AND RISKS INVOLVED WITH DATA RETENTION
by Ganesh Uttam | Oct 4, 2021 | Blog
The risks of over or under retention Organizations want to be conscious of the legal guidelines that pertain to their personal data processing. Personal data have to be kept lengthy adequate to comply with applicable legal responsibility. The minimum or maximum...
Article 27 – UK & EU Representative services
by Ganesh Uttam | Oct 4, 2021 | Blog
Article 27 – UK & EU Representative services The UK entered a period of transition which ended on 31st December, 2020, as the Brexit uncertainty ended with the passing of the withdrawal agreement bill. Data controllers or processors are under the obligation to...
GDPR – Here’s What You Should Know Before Collecting Customer Personal Data
by Ganesh Uttam | Sep 16, 2021 | Blog
Data is everywhere and smart companies know how to use customer data to their advantage. If you regularly harvest customer data to understand consumer patterns and for remarketing purposes, you must know about the rules and regulations that protect customers from...