Consumers have the option to track location, activity and health data of their pets but the Bristol Cyber Security Group have found these wearables do not always acknowledge the privacy implications for the humans and their data.

The collaborative research carried out between the University of Bristol and the University of Haifa, Israel, has been peer-reviewed in an article published in IEEE Security & Privacy. The results provided clear insights into the extent of data known to be captured by 19 pet wearable devices available to consumers.

Lead researcher, Dr Dirk van der Linden, from the University’s Faculty of Engineering said: “The consumer's desire to provide the best care for their pets combined with the marketing of the device may lull them into a false sense of security.  It is the owner who is the actual user of the product, and the data collected from the pet wearable has privacy implications for the humans.”

Access to pet activity data could be used to build profiles on pet owners, with implications ranging from burglars knowing when to approach a home, to insurance companies inferring health profiles of pet owners via their dog’s activity.”

Key findings of the research conclude that data captured on the pet owner is four times higher than that captured of the pet and that there is a lack of clarity on the type of data that is stored. 

The study also discovered that six of the 19 devices are compliant with General Data Protection Regulation (GDPR) legislation and several devices had a clear mismatch between their marketing and the data captured. Of the 19 devices tested, seven had location tracking functionality but did not detail any location data in their privacy policy.

The paper recommends clearer marketing of the devices and explicitly marking pet activity data as personal data to ensure more transparency for users.

Paper

‘Buddies wearable is not your buddy – privacy implications of pet wearables' by D. van der Linden, A.Zamansky, I.Hadar, B. Craggs, A. Rashid in IEEE Security & Privacy