Privacy in Smart Home: I Feel Like Someone’s Seeing Me


“Hey, Siri, play some music.” Have you ever used Apple’s HomePod?

Fig1.Spike Jonze for Apple HomePod – Welcome Home 

In the ad for the Apple HomePod, the girl comes home after a hard day and uses the HomePod. The AD showcases the transformative power of music and Apple HomePod to create immersive, engaging home environments. It conveys a sense of escape and expansion beyond the mundane, illustrating how HomePod can enrich people’s living Spaces with music, turning them into a vibrant, almost magical place. The ad wants consumers to feel inspired and uplifted and to see the HomePod as not just a speaker but as a gateway to a more vibrant, imaginative home life.

With the continuous development of the Internet of Things and artificial intelligence technology, more and more smart homes have entered people’s lives. Homes get smarter, giving consumers a gateway to a more comfortable, vibrant, and imaginative home life.

However, while smart homes bring comfort and convenience to people’s daily lives, they also raise a series of concerns about potential personal privacy risks. These smart devices collect personalized personal information about users. Once these sensitive data are leaked or abused, it will have a huge impact on the personal and property safety of users. How to determine the information collected by smart devices as a violation of personal privacy, how to manage such data, whether there are laws to protect consumers and other related issues have become increasingly crucial.

What is the Internet of Things?

Fig2. An overview of IoT architecture (Rachakonda et al., 2024)

The Internet of Things (IoT) represents a fascinating web of connectivity, transforming ordinary objects into smart, autonomous participants in our daily lives. This intricate network encompasses everything from our smartphones and smart home devices to advanced industrial tools. Smart speakers like Amazon’s Echo and Google Home make playing music and set timers easier. Home security systems make monitoring what’s happening inside and outside easier, and even talk to visitors through devices.  Meanwhile, smart air conditioners can help cool our homes before we return, and smart light bulbs can automatically switch on and off by command(Ranger, 2020).

These smart devices are connected to each other, collect, share, and analyze data, and are able to act on their own without human intervention. It’s a concept that’s turning the world smarter and more responsive, making our environments more attuned to our needs and preferences (Ranger, 2020).

The amount of data generated by the IoT is expected to reach 79.4 zettabytes in 2025, while IoT devices are expected to grow to 75.44 billion units, an increase of 146 percent compared to 2020. The scale of the Internet of Things is getting bigger and bigger. This explosion of devices and data points to a future where our lives are even more deeply intertwined with technology.

Our Privacy

“The right to privacy is not an absolute human right, but one grounded in particular social and legal contexts.”

Flew (2021)

This nuanced perspective reminds us that privacy, as we understand and experience it, is deeply influenced by the cultural and legal tapestry of our societies. In different social and cultural backgrounds, different countries have different definitions of personal privacy. Therefore, the legal provisions in different countries have different tendencies to protect personal privacy (Humphry, 2024).

Tracing back to 1888, Judge Cooley conceptualized privacy as “the right to be left alone,” laying the foundational stone for future legal interpretations. Fast forward to the present, most jurisdictions safeguard privacy with a focus on the sanctity of private and family life, the inviolability of one’s home, and the confidentiality of correspondence. In the People’s Republic of China, for instance, the Civil Code enshrines privacy as encompassing one’s personal space, activities, moods, and information that an individual prefers to keep undisclosed.

With the development of the digital Internet, collecting, storing, and using personal information is a hot topic of discussion. There is no way to avoid data analytics – data analytics have become so intertwined with people’s lives – from social networking to e-commerce, healthcare, national security, research, and more. In the process of analysis, information is constantly added, and the information becomes more and more detailed, including people’s biological characteristics, people’s social relations, people’s behavior habits, people’s interests, and preferences. Analysis of this personal information can obtain sensitive information about people, including information about identification, habits, social relations, political leanings, and social behavior.  The disclosure or misuse of this sensitive information could adversely affect people’s reputations or financial situation. The negative impacts also include fundamental rights and morals, such as freedom of expression and respect for private and family life. (Nissim and Wood, 2018).

Surveying the legal landscapes across the globe, such as the European Union’s General Data Protection Regulation (GDPR) the United State’s Health Insurance Portability and Accountability Act (HIPAA), Australia’s Privacy Act (APA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), it’s clear that these legislative frameworks designed to safeguard personal data uniformly highlight the individual’s right to control their own information.

What about the smart home security in privacy?

As we entrust our daily routines to an array of smart devices, from TVs and phones to surveillance cameras and speakers, we also open the door to potential privacy breaches. A stark reminder of this vulnerability surfaced in Australia when a home security camera was hacked, and its feed streamed live on a Russian website, exposing the intimate moments of daily life without consent (Roberts, 2020).

Every part of the IoT structure uses a large amount of personal information every second, such as data storage, transmission, and analysis. Access to this sensitive data can bring huge benefits to cyber criminals, and this data is also vulnerable to privacy risks. Thus, how to protect this sensitive data from unauthorized access is critical (Rachakonda et al., 2024).

Different types of smart devices pose different potential privacy risks. Smart TVs and smartphones may eavesdrop on users’ daily conversations and track browsing preferences and habits. Smartphones may also distribute and store users’ photos and videos on their devices or cloud storage services without authorization. Smart surveillance devices can monitor all private information within the device’s field of view and may disseminate video recorded through the device without authorization. The personal collection and processing rules of smart speakers are vague, and there is a risk of excessive collection and use.

The vulnerabilities that compromise our privacy extend across several domains. Technologically, the web servers connecting smart devices are susceptible to hacks, posing a risk of data breaches. From a provider’s standpoint, there’s the danger of mishandled personal data—selling information to third parties or failing to uphold privacy safeguards. Legally, gaps in the regulatory framework might leave users without adequate protection, while violators face insufficient penalties. And on a personal level, users may unwittingly exacerbate these risks by overlooking privacy settings or not fully understanding their devices’ capabilities (Lee, 2020).

The advancement of smart technologies, particularly those employing biometrics for personalization, adds another layer of complexity. Smart stereos, for example, use voice recognition, one of the biometric technologies. By using unique human biometrics (e.g., pitch, timbre, etc.), smart audio can accurately recognize someone. This kind of biological information has uniqueness and permanence – it is inherent in people and stays with them for life. Once this type of information is compromised, all of his voice communications can be intercepted, and the person can be tracked all the time. Computers can extend this to entire populations, thus transforming them into mass surveillance programs (Pastukhov and Kindt, 2016).

Privacy Paradox

Do device users really care about their privacy?

The privacy paradox refers to the difference between users’ attitudes toward personal privacy and their actual behavior (Kokolakis, 2017).

There are many reasons for the privacy paradox. People do not realize the importance of protecting personal information and do not realize that some information belongs to their own personal privacy. It is often difficult for users to give up the convenience and comfortable life experience brought by smart homes, which outweighs the potential privacy risks, so they are often willing to compromise their personal information in exchange. It is not easy for people to relate the value of privacy to personal privacy. As a result of these factors, the phenomenon of privacy paradox appears (Bongiovanni et al., 2020).

The nature of the information in question also plays a critical role. Identity details, preferences, and behavioral data carry different weights in our privacy calculus. While some information, like political preferences, might be guarded closely, other types, such as browsing history, may not trigger the same protective instincts.  In addition, different types of privacy risks, such as bullying and stalking, secondary use of data, and unauthorized, improper access by third parties, similarly have different impacts on attitudes and behaviors (Kokolakis, 2017).

It is worth noting that users’ concerns about the threat to their privacy posed by these smart devices contradict their expectations for more convenient and personalized services. Instead of taking action to defend their rights (e.g., stopping the use of smart devices or checking their IP), they are focusing more on provider compliance and placing more hope in legislation and government regulation of operators (Liu et al., 2020).

What are we going to do?

Users should be aware that our judgments about the benefits and privacy risks of these smart homes may not be accurate, so it is beneficial to take the time to read the privacy terms and policies of these smart devices. At the same time, we need to realize that our personal information is not trivial and cannot be of interest to others. Finally, set stronger passwords for smart home devices to protect our privacy better (Bongiovanni et al., 2020).

For the regulation, these smart home devices must comply with relevant laws and regulations. In China, for example, to protect people’s personal privacy, the Chinese government has issued the Personal Information Protection Law, the Network Security Law, the Data Security Law, and the Consumer Rights and Interests Protection Law, which can promote the Smart Home appliance industry to comply with the relevant regulations and restrain the improper behaviors of the relevant industries (Liu et al., 2020).

For service providers, transparency features should be considered when providing home IoT services. Providing transparent data collection, data storage, and data usage can enhance the level of trust and increase the sense of control among users. It can effectively reduce users’ concerns about data misuse. In addition, increased transparency is more conducive to user and government supervision and management of data security (Zhang et al., 2023).


In an era where technology develops by the minute, our right to privacy, as highlighted by Flew (2021), has been taken to be an inherent human right. There is no denying that the emergence of artificial intelligence and the Internet of Things has brought huge benefits, bringing people a more comfortable lifestyle and making our lives accessible. However, technological achievement is not without pitfalls. Smart devices provide personalized services to users by collecting and processing their personal information. The disclosure and abuse of personal information will have a great negative impact on people’s lives.

In order to provide users with a safer and more comfortable experience, both the government and home IoT providers need to make more efforts. The government should formulate more reasonable terms of personal privacy and strengthen the regulation of cybercriminals and companies that collect data illegally. And companies need to focus on setting up firewalls. In addition, users should not get caught up in the privacy paradox. Users should be more proactive in protecting their privacy. Users can adopt a variety of ways to protect their personal information, carefully read the user privacy terms of use of smart products, and set a higher level of password protection. Users should think more actively about whether it is worth authorizing these smart products to collect personal information to provide services.


Ali, B., & Awad, A. (2018). Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes. Sensors, 18(3), 817.

Australian Privacy Law and Practice (ALRC Report 108). (2008).

Bongiovanni, I., & Renaud, K. (2020, June 29). The privacy paradox: We claim we care about our data, so why don’t our actions match?

General data protection regulation(gdpr). (2018).

Humphry, J. (2024). ARIN6902 Internet cultures and governance, week 4: issues of concern: privacy, security and digital rights [PowerPoint slides]. University of Sydney Canvas.

Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security, 64, 122–134.

Lee, H. (2020). Home IoT resistance: Extended privacy and vulnerability perspective. Telematics and Informatics, 49, 101377.

Liu, Y., Huang, L., Yan, W., Wang, X., & Zhang, R. (2022). Privacy in AI and the IoT: The privacy concerns of smart speaker users and the Personal Information Protection Law in China. Telecommunications Policy, 46(7), 102334.

Nissim, K., & Wood, A. (2018). Is privacy privacy ? Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 376(2128), 20170358.

Pastukhov, O., & Kindt, E. (2016, October 6). Voice Recognition: Risks To Our Privacy.

Rachakonda, L. P., Siddula, M., & Sathya, V. (2024). A comprehensive study on IoT privacy and security challenges with focus on spectrum sharing in Next-Generation networks(5G/6G/beyond). High-Confidence Computing, 100220.

Ranger, S. (2020, February 3). What is the IoT? Everything you need to know about the Internet of Things right now.

Roberts, G. (2020, June 24). Australian security cameras hacked, streamed on a Russian-based website.

Flew, T. (2021). Regulating platforms. Polity Press.

Zhang, F., Pan, Z., & Lu, Y. (2023). AIoT-enabled smart surveillance for personal data digitalization: Contextual personalization-privacy paradox in smart home. Information & Management, 60(2), 103736.

Be the first to comment

Leave a Reply