The Case for GDPR Lifting the European Smart Home

Subscribe To Download This Insight

2Q 2018 | IN-5159

The General Data Protection Regulation (GDPR) came into force on May 29. The regulations have ramifications for any service providers, retailers, or other organizations keeping and leveraging customer data within their operations. Given the importance of data collection in driving smart home adoption, particularly in the leading North American market, it is worth considering whether the new requirement will further stymie the growth of the still nascent European smart home market.

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

 

GDPR and the Smart Home

NEWS


The General Data Protection Regulation (GDPR) came into force on May 29. The regulations have ramifications for any service providers, retailers, or other organizations keeping and leveraging customer data within their operations. Given the importance of data collection in driving smart home adoption, particularly in the leading North American market, it is worth considering whether the new requirement will further stymie the growth of the still nascent European smart home market.

The Link Between of Smart Home and Data Privacy 

IMPACT


On the day that GDPR came into force, European users of Yeelight, a smart lighting unit of Chinese CE giant Xiaomi, found that several of the smart home services they used had been suspended. Features leveraging personal preferences and settings such as Room, Scenes, and Favorites had all been halted. Individual light bulbs were still functional but only if they were switched on one at a time.  Initially, users looking to access these services faced an in-app message stating, “according to GDPR, we will not be able to continue to provide this service to you.” The company later issued a statement adding that it was working on a software update that will be completed within “about a week” and that users outside Europe would not be affected.

There is every reason for companies affected by GDPR to be careful. The maximum penalty for noncompliance is set at €20 million or 4% of the organization’s annual global turnover, whichever is higher. Within hours of the regulations coming into effect, Facebook and Google were both the subjects of lawsuits filed by data privacy advocate Max Schrems, who sought to fine Facebook 3.9 billion and Google €3.7 billion. The suit maintains that the although both companies rolled out new policies to comply with GDPR, they only offer users an all-or-nothing choice when it comes to data collected and services provided rather than itemized consent. Both companies reject the charges. In the following days, Google, Facebook, Amazon, and Apple had similar complaints filed against them by French digital rights group La Quadrature du Net. While smart home services have not been the listed in the complaints, the potential remains where these players are engaged in the smart home space. 

In the lead up to GDRP’s implementation, near constant reminders to consumers from existing service providers were issued as fears around data privacy had already been escalated by the Cambridge Analytica/Facebook breach and the ensuring inquiries in Europe and elsewhere. Further compounding the issue regarding smart home data capture, news stories related to the distribution of a recording of private conversation to a third-party via an Amazon Echo device in the United States gained widespread coverage.

Smart Home’s European Challenge

RECOMMENDATIONS


Western Europe has long lagged behind the United States in smart home market development and consumer adoption and it has faced an array of challenges that the U.S. market did not have to tackle. Without high penetration of monitored security as a subscriber base, the monthly subscription model for smart home has floundered. Most recently, Telefónica’s U.K. operation O2 killed its smart home subscriber model pilot at the end of last year after just over a year’s trial. In some countries, privacy concerns have been raised as another limitation on European consumer interest in smart home adoption.

Consumer concerns over smart home data privacy has led to some players highlighting their more stringent data privacy approach. Competing European plays such as Deutsche Telekom’s smart home efforts, which will include the DT Magenta smart home voice control front-end device, are marketed with data privacy as a primary standout criterion. In the DT implementation, all end-user data remains within Germany.

Data collection has been at the heart of many of the largest smart home engagements. Smart home voice control is primarily driven by Amazon Echo and Google Home devices, which have applications built to collect and leverage consumer data. These devices are key in driving awareness and acceptance of smart home in Europe. Smart home device vendors, particularly those offering smart lighting, have seen a significant sales lift in markets where Amazon and Google have bought their voice control front-end devices to market.

So far these are available in only a handful of European countries. Google Home is available in the United Kingdom, Germany, France, and Italy. Amazon is available in the United Kingdom and in Germany with native language support, but also in Belgium, Denmark, Finland, Greece, Iceland, Liechtenstein, Luxembourg, the Netherlands, Norway, and Sweden. Questions remain over how GDPR might impact the willingness of these players and others to invest in bringing their devices to European Union (EU) markets, where the overhead and the return with regard to using consumer privacy may be impaired.

For example, voice control platforms like Amazon Alexa and Google Assistant rely heavily on Artificial Intelligence (AI) to drive useful services and consumer interactions. GDPR impacts how companies and their smart home platforms can use user data in their AI algorithms. The regulation provides rights for individuals to have a review and explanation of algorithmic decisions, which could make it more difficult for companies to automate certain processes using AI. It could also impact the cost of AI provision both in support of the requirements but also in adding manual aspects to algorithms that would otherwise have been automated.

GDPR restrictions on the use of personal data could also reduce AI accuracy by limiting the data pool that can be leveraged and shared. In addition, GDPR could make advanced data processing could both legally and financially risky.

While GDPR may raise the bar for data privacy transparency, it is unlikely to stifle smart home adoption in Europe. The requirements of the regulation have long been available for smart home providers and others to develop ways to adhere to the regulations and still derive value form smart home data. The legislation may well have the effect of allying the fears of a so far broadly unimpressed smart home consumer market, by delivering greater potential to control and restrict how consumer data is collected and used. In addition, the regulation promises to tackle another issue smart home vendors have faced in developing European offerings. As well as the patchwork of different language support required across the EU, vendors have, until the implementation of GDPR, faced a similar mix of national data privacy requirements that had to be adhered to. With GDPR, the same regulations apply across the EU market.  Still faced with language differences, the ability to roll out an EU-wide data privacy policy should still help drive smart home availability and growth.

Finally, despite O2’s decision to halt its smart home offering, in the past few months both British Telecom and Vodafone have launched their own first smart home programs, while others such as Swisscom, for example, have evolved their smart home engagement from a subscriber, security application based model to embracing smart home as a core service. The national telco has embedded smart home platform support in all the routers serving its 1.5 million broadband subscribers. Similarly, DT is also in the process of supporting smart home services across its broadband base as it upgrades its current router install base to smart home capable devices.

There are many differences in the way the smart home market has and will develop in comparison with the bellwether U.S. market. ABI Research provides detailed analysis of the key differences within its smart home service and will detail the key issues within the EU market in an upcoming report set for publication in June. While in the short term, fears regarding GDPR limiting and complicating smart home engagement may be rife, ABI Research believes it should not be considered a long-term barrier to service provider engagement in the European smart home market. GDPR may represent an incremental cost associated with being in the market but, if handled correctly, smart home providers should be able to leverage the new regulations, not just to reach across the EU market with a single data privacy policy, but also as a way of allying potential consumer concerns. For the companies that put data transparency at the heart of their offerings, it could become a key marketing advantage and a resource that could be leveraged not just within the EU but elsewhere too.

Services

Companies Mentioned