Recommendations are independently chosen by Reviewed’s editors. Purchases you make through our links may earn us a commission.
“The walls have ears” is fast becoming an outdated phrase. Nowadays—beyond our suspicions of Alexa and Google Home—your phone, your fridge, your Fitbit, even your dog’s collar could potentially be listening in.
However, you don’t often see “robot vacuum” on such lists of household spy items. If 63% of consumers are creeped out by smart devices, then the one that you allow to roam about and map your house, connect to the Internet, and stream video could be the creepiest creeper of them all.
Data privacy is a hot topic these days, with concerns that range from the apocalyptic to the rather mundane. But, is there anything to actually worry about?
Hopefully, by looking at it through the lens of a little Roomba, we can get some answers, not only about iRobot's policies, but about data privacy in the robot vacuum industry in general.
What is a smart robot vacuum?
At its most basic, the word “smart” placed in front of an appliance implies that it can connect to the internet. The term dates back to around 1995 with the introduction of IBM’s Simon Personal Communicator, and it stuck. Ever since then, the term has evolved and broadened to define everything from compatibility with home assistants like Alexa and Google Home, to an item that is programmable, to the suggestion that an item possesses artificial intelligence.
In the world of robot vacuums this runs the gamut of being able to turn your robot vacuum on with a cell phone via WiFi to programming it to activate when you leave your house.
What kind of personal data can a robot vacuum gather?
All smart devices, like your cellphone or smart bulb, gather what is known as metadata. Examples of gathered metadata often include when you turn on an appliance and your duration of use.
You may have heard the term “metadata” used by privacy experts, because it is something hackers can passively gather without having to break into your network. It’s akin to someone sitting outside your home and guessing that you’re cooking because the lights in the kitchen are on.
Aside from metadata, many smart robot vacuums create floor maps as they clean. In some cases, they have cameras to help navigate around obstacles or stream to your phone as a mobile security system.
In many cases, companies collect run time, square footage cleaned, and if the robot encounters any errors.
What are the laws out there concerning data privacy?
The most stringent and comprehensive law that we could find on record is the California Consumer Privacy Act (CCPA). The big highlights include: The right to know about the personal information a business collects about them and how it is used and shared, to delete personal information collected from them (with some exceptions), to opt-out of the sale of their personal information, and the right to non-discrimination for exercising their CCPA rights.
Even if you don’t live in California, robot vacuums that are sold nationally need to be compliant.
What do the brands have to say about data privacy?
iRobot has pretty comprehensive documentation on how user data is stored.
Mike Gillen, director of product and data security at iRobot tells us, “Beyond internal initiatives, iRobot promotes and sponsors a public bug bounty program, submits products to external penetration testing, and conducts routine automated scans on iRobot's operating environment.”
What if I want my data deleted?
Basically, this means that iRobot will eliminate any connection between you and the data collected, but it may remain in iRobot’s servers.
Companies like iRobot and Ecovacs also follow the GDPR, which is the European version of the CCPA.
Bethany Singer Baefsky, director of privacy and DPO at iRobot, says, “iRobot follows the GDPR standard for everyone when it comes to deletion, and we do not limit it just to the EU. That means that wherever you are, if you request data deletion, your personal information will be purged within 30 days, in accordance with GDPR standards.”
She continues, “For data access requests, we comply with all statutory time frames. Where there is no statutorily required timeframe for providing data, or no legal requirement to provide data at all, we operate within the CCPA's framework and provide data in a commonly used, machine readable format within 45 days of receiving a verifiable request.”
In plain English, this means that you can request a hard copy of all the data that has been collected on you and have it deleted from Ecovacs’ servers, though it will probably erase your account as well.
Who in their right mind would want a smart robot vacuum?
The answer to this question comes as a single word: Convenience. Imagine you’re out running errands or at your kid’s soccer game and you get a call that people are coming over in an hour. Are your floors presentable? Is there dog hair everywhere? By accessing the app on your phone, you can activate your smart robot vacuum and get some peace of mind that dust bunnies won’t be greeting your guests.
There are also robot vacuums that have cameras on them that you can stream. So, not only are they floor cleaners, but they can act like security robots.
Final question: Is my robot vac a spy?
Yes, but not any more than your cell phone, your credit card, your ISP, your Alexa, your gym membership, or your neighbors. And, according to Singer Baefsky, at least in iRobot's case, you have to give informed consent.