IBEX 3519.683,80 -0,85%EuroStoxx 506398,01 -0,23%S&P 5007524,90 +0,56%€/$1,1440 +0,00%Brent72,13 +0,46%Bitcoin55.658 +0,10%
Breaking

93 IoT Devices Expose Data of Domestic Workers Monitored by AI

A 2026 study reveals that 93 IoT devices expose sensitive data of domestic workers monitored by AI, creating a digital panopticon at home.

Álvaro Sáez FerrerÁlvaro Sáez Ferrer··3 min read

A 2026 academic study analyses 93 IoT devices that expose sensitive data such as UUID and geolocation, turning smart homes into covert labour surveillance systems for domestic workers in the UK.

An analysis of 93 IoT devices has uncovered a critical vulnerability: they expose unique UUIDs and home geolocation data without adequate protection, according to an academic study published on arXiv in February 2026. The research, focused on domestic workers in the UK, applies the Communication Privacy Management (CPM) framework to map how AI cameras and sensors become tools of covert labour surveillance.

The Digital Panopticon at Home: How AI Monitors Domestic Workers

The study reveals that smart devices, perceived as security elements, act as a digital panopticon. The worker never knows when they are being monitored, generating psychological stress and limiting their autonomy, similar to algorithmic management in the gig economy.

The researchers identified that smart cameras, motion sensors, and AI voice assistants create an environment of constant uncertainty. The CPM framework allows for an analysis of how privacy boundaries are negotiated or violated in spaces where employers, workers, and automated devices coexist.

Privacy is not binary; it is a continuous negotiation process that current devices completely ignore, according to the study's authors.

Smart Home Market 2026: Growth Without Regulation and Risks for Startups

The smart home market in 2026 focuses on proactive and predictive security with artificial intelligence, biometrics, and social robots. However, an international study led by IMDEA Networks and Northeastern University on the same 93 devices demonstrated that local network protocols are not sufficiently protected.

These devices expose unique names, home geolocation, and habits that can be harvested by the data industry without user knowledge. AI enables identity reconstruction and behaviour tracking from scattered data: a model published on arXiv correctly identified 67% of anonymous profiles by cross-referencing them with LinkedIn for just 1 to 4 dollars per identification.

The GDPR and UK privacy laws require informed consent, but IoT devices operate in a legal vacuum: who gives consent when there are multiple occupants with conflicting interests? For startups, Privacy by Design is no longer optional; it is a survival requirement. Devices that do not implement local network encryption and local data processing will face fines and market rejection.

What It Means for Your Startup If You Develop IoT or Smart Home

If you develop IoT devices or smart home solutions, this study is a critical warning. Founders in Spain and LATAM must anticipate stricter regulations. Concrete actions: audit what data your device exposes on the local network (UUID, geolocation) and apply end-to-end encryption.

Implement local data processing and granular privacy controls so that the user can decide what to share. Transparency will be key to avoiding reputational damage. The study suggests that any use of tools for identification or mass surveillance requires judicial authorization, and contracts between governments and tech companies must be public.

The cost of inaction can be high: from regulatory fines to loss of consumer trust. Privacy is no longer an extra but a pillar of the product.

Álvaro Sáez Ferrer

Written by

Álvaro Sáez Ferrer

Redactor

Economista por ICADE y una de las pocas personas que disfruta leyendo la ley de presupuestos. Cafetero, padre a tiempo completo y azote de la letra pequeña; en Iber Empresa escribe de economía y fiscalidad.