The document discusses the privacy risks associated with IoT devices in Indian households, highlighting issues such as data collection, data breaches, and inadequate legal frameworks to protect consumer privacy. Notable incidents like the Mirae botnet attack and the Verkada camera breach demonstrate the vulnerabilities present in IoT systems. Recommendations for mitigating these risks include implementing stronger security measures, enhancing consumer awareness, and enacting more robust regulatory frameworks.

1. DATA PRIVACY RISKS WITH IOT
DEVICES IN INDIAN
HOUSEHOLDS
Submitted by – Ritika
21BAL5222
SUBJECT - DATA PRIVACY LAWS
SUBJECT CODE – 21LLT-463
SUBMITTED TO – MS. NYAMAT SEKHON

2. INTRODUCTION
• IoT devices are transforming daily life in Indian households
which include smart phones , smart speakers etc.
• These devices collect and share personal data , rising concerns
about privacy and security .
• The objective of this presentation is to highlight privacy risks
with IoT in Indian households and explore challenges with
potential solutions .

3. WHAT ARE IOT ( INTERNET OF THINGS) DEVICES?
• IOT devices are everyday objects that are connected to the
internet and can send or receive data .These devices include –
 Smart phones , smart TVs , smart speakers e.g , Alexa .
 Fitness wearable devices , smart home appliances like Fitbit ,
smartwatches , refrigerators)
In 2023 Indian IoT market was valued at approx. US$ 1.2 billion
expected to reach US$ 3.3 billion by 2032 ( Indian Market
Reseach and Consulting )

4. PRIVACY RICKS WITH IOT DEVICES
1. DATA COLLECTION –IoT devices constantly collect data on user
habits and preferences . A study by NEW York University
researchers revealed that smart home devices exposed sensitive
data within local networks using standard protocols like UPnP
which can leak geolocation data enabling unauthorized access and
surveillance.
2. DATA BREACHES – Vulnerability of connected devices to
cyberattacks like hacking leads to data breaching .
3. EAVESDROPPING AND SURVEILLANCE- Potential for unauthorized
access to audio , video and personal information .
4. INSECURE DEVICES – Devices with weak security features could
be hacked , allowing cyber criminals to access private data.

5. PRIVACY RISKS WITH IOT DEVICES IN
INDIA
1. DATA LOCALITY – Concerns regarding data storage in foreign countries and potential
misuse of personal information . For e.g – access of personal data collected from
Indians by Bytedance owned by Tiktok a Chinese company raised privacy concerns .
2. LEGAL FRAMEWORK – gaps in the legal and regulatory framewrork to protect
consumer privacy in India.
3. CULTURAL SENSITIVITY – Privacy violations could be particularly sensitive in the
context of family and commute privacy .
4. LACK OF AWARENESS – Many users in India are still unaware of digital security risks
which are associated with IoT devices.

6. CASE STUDY OF IOT PRIVACY RISKS
• Mirae Botnet Attack (2016) - . This attack, which took place on October 29, 2024,
was a massive 5.6 Terabit per second (Tbps) Distributed Denial-of-Service (DDoS)
attack.This attack was launched using over 13,000 compromised Internet of Things
(IoT) devices. It targeted an unnamed internet service provider in Eastern Asia and
lasted only 80 seconds, but it was the largest DDoS attack ever recorded.
• THE VERKADA CAMERA BREACH (2021) - Hackers gained access to over 150,000
internet-connected security cameRas used in various sensitive locations, including
hospitals, schools, jails, and companies like Tesla and Cloudflare.The breach was
conducted by a hacker group called APT-69420, led by Tillie Kottman, who exploited a
misconfigured server to gain access.

7. SOLUTIONS AND RECCOMENDATIONS
1. SECURITY MEASURES FOR IoT DEVICES – Usage of strong passwords along with 2
factor authentication can help . Regular firmware updates to address vulnerability
should be considered .
2. Consumer awareness – Educating Indian households and spreading awareness about
the proper usage of IoT devices and their potential risks .
3. REGULATORY MEASURES – Stronger privacy measures like Personal Data Protection
Bill (PDPB) to ensure data security along with proper execution by the government .
4. SECURE DATA PRACTICES – opting for devices with end to end encryption and
secure data storage options.

8. LAWS RELATED TO IOT IN INDIA
1. Draft IoT Policy: Introduced in 2015, this policy aims to promote the creation of an
IoT ecosystem and develop IoT products tailored to Indian needs in areas like
agriculture, health, and natural disaster management.
2. Digital Personal Data Protection (DPDP) Act, 2023:This act strengthens data
privacy rights and aims to protect personal data in the digital age.
3. National Digital Communications Policy: Focuses on creating a secure and trusted
digital infrastructure, including measures to safeguard data privacy.
4. Collaborative Efforts:The government collaborates with industry stakeholders and
civil society to address IoT security challenges and ensure robust data privacy.

9. • While IoT devices enhance convenience , they bring significant
privacy risks to Indian households due to weak security measures
, data collection and potential misuse of personal information .
• Awareness at ground level and better security practices are
crucial to protect sensitive data from breaches , surveillance and
unauthorized access .
• Smart cities in India are increasingly using IoT for surveillance
raising concerns which requires call for action and 60% od IoT
devices lack encryption . Strict protocols by the government to
safeguard privacy should be priority to ensure safer , smarter
homes .
CONCLUSION