This guidance is informed by research conducted last year into public views of smart products, which explored participants’ understanding and expectations as to how their personal data is collected and handled by these devices. As a result, the guidance sets out how organisations can collect and utilise consumer data safely and appropriately.
Scope of the Draft Guidance
The draft guidance focuses specifically on the processing of personal information by organisations providing consumer IoT products, such as smart speakers, watches, fitness trackers, home hubs, and connected appliances. It does not cover connected and autonomous vehicles, smart meters, smart cities, or industrial and enterprise IoT applications.
The guidance addresses a series of questions:
What information do Internet of Things (IoT) products use?
How do we ensure accountability in IoT products?
How do we ensure our IoT products process information lawfully?
How do we ensure our IoT products process personal information fairly?
How should we tell people what we’re doing?
How do we ensure accuracy in IoT?
How do we help people exercise their rights?
The guidance focuses on the principle of data protection by design and default. At different stages in the manufacturing process, any organisation might be a controller, joint controller or a processor, with their roles and responsibilities varying accordingly. Establishing these roles is extremely important for determining accountability and therefore who is responsible for data protection obligations. This is particularly pertinent for products that process children’s information, which should also comply with the ICO’s children’s code.
Obtaining consent from users is another key theme of the guidance, with an emphasis on ensuring this consent is freely given and unambiguous. The guidance offers a number of practical steps for organisations to help fulfil these requirements, including avoiding unnecessarily disruptive prompts, and refraining from using option labels that could influence users into consenting through emotionally charged language that invites guilt or other negative emotions.
A major strength of this guidance is the extensive usage of practical examples, including visuals depicting the set-up of a smart watch.
Transparency is another core focus, with the guidance noting that ‘being transparent about your use of people’s personal information is closely linked to fairness’. Organisations must clearly inform users of their intent to process their personal data, regardless of the type of IoT product, and provide a clear explanation of how they intend to use said data. Beyond this, the guidance invites organisations to consider how to present this information in the most appropriate and accessible manner, for instance identifying the appropriate point in a user journey to surface it.
On data retention, the guidance sets out that personal data should not be stored for longer than is necessary. The ICO recognise it is not possible to mandate specific time frames, as these vary depending on the situation and purposes for processing the data, but strongly encourage organisations to regularly review their retention periods. Similarly, if an IoT product involves data sharing with other organisations, there should be a mutually agreed process for determining how long the data is retained and when it should no longer be shared.
The ICO have also looked to how organisations can empower their users to exercise their rights, clarifying their position on:
Right of access - Users have a right to see the information organisations collect and share about them, and can access this through issuing a subject access request. Organisations should work to ensure this process is not “unnecessarily cumbersome” and consider when users are most likely to issue such requests.
Right to rectification - Users may request correction of any inaccurate personal information held about them, with organisations expected to act within a month. The guidance also invites companies to consider whether users should have the tools to amend such information themselves, where appropriate.
Right to erasure - Users have a right to erasure, also known as the right to be forgotten, which should be adhered to unless specific circumstances apply, as outlined in the ICO’s right to erasure guidance. This right should be made clear and offered in the “most appropriate and logical way” for the user. Beyond this, it should be made clear that simply deleting an app or account does not necessarily erase their data.
Right to data portability - When a user wishes to transfer their personal data from one IoT product to another, organisations must provide this data in a usable format, and transmit this personal information to the new provider, if it is technically feasible.
Right to object - Users may object to the processing of their personal information at any time, although the circumstances where this right applies depends on the purposes for processing and the lawful basis used. This is, however, an absolute right when it pertains to direct marketing purposes, and therefore organisations must inform people how to object to targeted online advertising.
The draft guidance is now subject to consultation until the end of Sunday 7 September 2025. To share any feedback or questions on the draft guidance, please reach out to Audre ([email protected]) and Dani ([email protected]).
Samiah Anderson
Head of Digital Regulation, techUK
Samiah Anderson
Head of Digital Regulation, techUK
Samiah Anderson is the Head of Digital Regulation at techUK.
With over six years of Government Affairs expertise, Samiah has built a solid reputation as a tech policy specialist, engaging regularly with UK Government Ministers, senior civil servants and UK Parliamentarians.
Before joining techUK, Samiah led several public affairs functions for international tech firms and coalitions at Burson Global (formerly Hill & Knowlton), delivering CEO-level strategic counsel on political, legislative, and regulatory issues in the UK, EU, US, China, India, and Japan. She is adept at mobilising multinational companies and industry associations, focusing on cross-cutting digital regulatory issues such as competition, artificial intelligence, and more.
She holds a BA (Hons) in Politics, Philosophy, and Economics from the University of London, where she founded the New School Economics Society, the Goldsmiths University chapter of Rethinking Economics.
Audre joined techUK in July 2023 as a Policy Manager for Data. Previously, she was a Policy Advisor in the Civil Service, where she worked on the Digital Markets, Competition and Consumers Bill at the Department for Science, Innovation and Technology, and at HM Treasury on designing COVID-19 support schemes and delivering the Financial Services and Markets Bill. Before that, Audre worked at a public relations consultancy, advising public and private sector clients on their communications, public relations, and government affairs strategy.
Prior to this, Audre completed an MSc in Public Policy at the Korea Development Institute and a Bachelor's in International Relations and History from SOAS, University of London. Outside of work, she enjoys spending time outdoors, learning about new cultures through travel and food, and going on adventures.
Dani joined techUK in February 2025 as a Policy Manager in the Digital Regulation team.
Prior to this, Dani worked in political monitoring where she was a consultant for Digital, Culture, Media and Sport. In this role, she developed a strong understanding of parliamentary procedure, closely following all of the major developments in the tech centre and working with several key stakeholders and regulators.
She has an undergraduate degree in History from the University of Bristol and an MPhil in Modern European History from the University of Cambridge.
Outside of tech, Dani has a strong interest in addiction policy, particularly towards drugs, having written her dissertation on the topic as well as several subsequent research projects. In her spare time, she enjoys cooking and following all things motoring, whether that be F1, MotoGP or Formula E.
Oliver is a Junior Policy Manager at techUK, working across Public Affairs and Digital Regulation policy. He supports the organisation’s engagement with government and parliament, contributes to shaping techUK’s regulatory agenda, and plays a key role in coordinating political outreach, policy projects, and flagship events.
He joined techUK in November 2023 as a Team Assistant to the Policy and Public Affairs team, before stepping into his current role. He has been closely involved in efforts to ensure the tech sector’s voice is heard in the policymaking process.
Oliver holds a Master’s in Policy Research from the University of Bristol and a BSc in Policy from Swansea University. During his studies, he contributed to mental health research as a Student Research Assistant for the SMaRteN network.
Outside of work, Oliver is a keen debater and remains active in the UK debating community, having previously led the Swansea University Debating Union. He enjoys exploring complex issues from multiple perspectives and values clear, thoughtful communication in policy discussions.
techUK's Policy and Public Affairs Programme activities
techUK helps our members understand, engage and influence the development of digital and tech policy in the UK and beyond. We support our members to understand some of the most complex and thorny policy questions that confront our sector. Visit the programme page here.
techUK Report - Evolving Digital Regulation for Growth and Innovation
techUK is excited to announce its Pro-Growth Regulation Report, "Evolving Digital Regulation for Growth and Innovation
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Antony Walker is deputy CEO of techUK, which he played a lead role in launching in November 2013.
Antony is a member of the senior leadership team and has overall responsibility for techUK’s policy work. Prior to his appointment in July 2012 Antony was chief executive of the Broadband Stakeholder Group (BSG), the UK’s independent advisory group on broadband policy. Antony was closely involved in the development of broadband policy development in the UK since the BSG was established in 2001 and authored several major reports to government. He also led the development of the UK’s world leading Open Internet Code of Practice that addresses the issue of net neutrality in the UK. Prior to setting up the BSG, Antony spent six years working in Brussels for the American Chamber of Commerce following and writing about telecoms issues and as a consultant working on EU social affairs and environmental issues. Antony is a graduate of Aberdeen University and KU Leuven and is also a Policy Fellow Alumni of the Centre for Science and Policy at Cambridge University.
As Head of Public Affairs, Alice supports techUK’s strategic engagement with Westminster, Whitehall and beyond. She regularly works to engage with ministers, members of the UK’s parliaments and senior civil servants on techUK’s work advocating for the role of technology in the UK’s economy as well as wider society.
Alice joined techUK in 2022. She has experience working at both a political monitoring company, leading on the tech, media and telecoms portfolio there, and also as an account manager in a Westminster-based public affairs agency. She has a degree from the University of Sheffield in Politics and Philosophy.
Edward leads the Digital Economy programme at techUK, which includes our work on online safety, fraud, and regulation for growth initiatives.
He has prior experience working for the Department for Digital, Culture, Media and Sport and has previously worked for a number of public affairs consultancies specialising in research and strategy, working with leading clients in the technology and financial services sectors.
Samiah Anderson is the Head of Digital Regulation at techUK.
With over six years of Government Affairs expertise, Samiah has built a solid reputation as a tech policy specialist, engaging regularly with UK Government Ministers, senior civil servants and UK Parliamentarians.
Before joining techUK, Samiah led several public affairs functions for international tech firms and coalitions at Burson Global (formerly Hill & Knowlton), delivering CEO-level strategic counsel on political, legislative, and regulatory issues in the UK, EU, US, China, India, and Japan. She is adept at mobilising multinational companies and industry associations, focusing on cross-cutting digital regulatory issues such as competition, artificial intelligence, and more.
She holds a BA (Hons) in Politics, Philosophy, and Economics from the University of London, where she founded the New School Economics Society, the Goldsmiths University chapter of Rethinking Economics.
Audre joined techUK in July 2023 as a Policy Manager for Data. Previously, she was a Policy Advisor in the Civil Service, where she worked on the Digital Markets, Competition and Consumers Bill at the Department for Science, Innovation and Technology, and at HM Treasury on designing COVID-19 support schemes and delivering the Financial Services and Markets Bill. Before that, Audre worked at a public relations consultancy, advising public and private sector clients on their communications, public relations, and government affairs strategy.
Prior to this, Audre completed an MSc in Public Policy at the Korea Development Institute and a Bachelor's in International Relations and History from SOAS, University of London. Outside of work, she enjoys spending time outdoors, learning about new cultures through travel and food, and going on adventures.
Mia focuses on shaping a policy environment that fosters the expansion of the UK tech sector while maximising the transformative potential of technology across all industries.
Prior to joining techUK, Mia worked as a Senior Policy Adviser at the Confederation of British Industry (CBI) within the Policy Unit.
Mia holds an MSc in International Development from the University of Manchester and a BA(Hons) in Politics and International Relations from the University of Nottingham.
Archie Breare joined techUK in September 2022 as the Telecoms Programme intern, and moved into the Policy and Public Affairs team in February 2023.
Before starting at techUK, Archie was a student at the University of Cambridge, completing an undergraduate degree in History and a master's degree in Modern British History.
In his spare time, he likes to read, discuss current affairs, and to try and persuade himself to cycle more.
Nimmi Patel is the Head of Skills, Talent and Diversity at techUK. She works on all things skills, education, and future of work policy, focusing on upskilling and retraining. Nimmi is also an Advisory Board member of Digital Futures at Work Research Centre (digit). The Centre research aims to increase understanding of how digital technologies are changing work and the implications for employers, workers, job seekers and governments.
Prior to joining the techUK team, she worked for the UK Labour Party and New Zealand Labour Party, and holds an MA in Strategic Communications at King’s College London and BA in Politics, Philosophy and Economics from the University of Manchester. She also took part in the 2024-25 University of Bath Institute for Policy Research Policy Fellowship Programme and is the Education and Skills Policy Co-lead for Labour in Communications.
Dani joined techUK in February 2025 as a Policy Manager in the Digital Regulation team.
Prior to this, Dani worked in political monitoring where she was a consultant for Digital, Culture, Media and Sport. In this role, she developed a strong understanding of parliamentary procedure, closely following all of the major developments in the tech centre and working with several key stakeholders and regulators.
She has an undergraduate degree in History from the University of Bristol and an MPhil in Modern European History from the University of Cambridge.
Outside of tech, Dani has a strong interest in addiction policy, particularly towards drugs, having written her dissertation on the topic as well as several subsequent research projects. In her spare time, she enjoys cooking and following all things motoring, whether that be F1, MotoGP or Formula E.
Oliver is a Junior Policy Manager at techUK, working across Public Affairs and Digital Regulation policy. He supports the organisation’s engagement with government and parliament, contributes to shaping techUK’s regulatory agenda, and plays a key role in coordinating political outreach, policy projects, and flagship events.
He joined techUK in November 2023 as a Team Assistant to the Policy and Public Affairs team, before stepping into his current role. He has been closely involved in efforts to ensure the tech sector’s voice is heard in the policymaking process.
Oliver holds a Master’s in Policy Research from the University of Bristol and a BSc in Policy from Swansea University. During his studies, he contributed to mental health research as a Student Research Assistant for the SMaRteN network.
Outside of work, Oliver is a keen debater and remains active in the UK debating community, having previously led the Swansea University Debating Union. He enjoys exploring complex issues from multiple perspectives and values clear, thoughtful communication in policy discussions.
Tess joined techUK as an Policy and Public Affairs Team Assistant in November of 2024. In this role, she supports areas such as administration, member communications and media content.
Before joining the Team, she gained experience working as an Intern in both campaign support for MPs and Councilors during the 2024 Local and General Election, and working for the Casimir Pulaski Foundation on defence and international secuirty. She has worked for multiple charities, on issues such as the climate crisis, educational inequality and Violence Against Women and Girls (VAWG). In 2023, Tess obtained her Bachelors of Arts in Politics and International Relations from the University of Nottingham.
