Data Protection: Smart Choices Even In A Smart TV World


“This is an interactive film where you make choices which alter the story. Throughout your viewing, there will be moments where choices will be presented at the bottom of the screen. To select one, just tap on it”. This is the initial banner the viewer sees at the beginning of Bandersnatch, the new episode in the Black Mirror television series, broadcast by the online streaming platform Netflix.

Bandersnatch is one of the many examples of interactive TV, an existent reality in which users interface with increasingly advanced Smart TVs, personal digital assistants and sophisticated applications. Despite the benefits of the seemingly unlimited ability to interact with devices,third-party provider applications and services, risks arising from this digital dialectic must be taken into account, mainly related to user data privacy.

The latest generation of Smart TVs are equipped with a number of interactive features, including an internet connection, voice and facial recognition, motion control, and a personal account creation procedure to make the viewing experience as personalized as possible. Establishing an Internet connection, and enabling these services, starts flow of data from users' devices, with consequent impacts on their privacy.

Through these features, device manufacturers and operators collect a huge amount of data, including users' personal information, services and applications on the individual device, TV location, biometric and voice data. In addition, the use of interactive features also makes it possible to identify users.

Prior to the implementation of European Regulation 679/2016 (“GDPR”), the Italian Privacy Guarantor and other European data protection authorities (e.g. in Germany and the Netherlands) had started to examine the issue, anticipating the possible risks arising from the use of interactive devices, and trying to provide useful guidance for users and manufacturers.

Attempts to buffer such outcomes include Article 25 of GDPR, which establishes the need to operate according to the principle of “privacy by design”. In the digital context there is a strong need to ensure privacy from the design phase of the devices, as it is essential to make a prior assessment of the privacy impact.

Users must always be provided with appropriate information that clearly describes, among other things, the type of data collected, the purposes of processing and how data transfer to third parties is regulated. These third parties, in...

To continue reading