A recent study by consumer rights group Which? reveals that some smart air fryers are collecting surprising amounts of personal data. UK consumers are now being advised to look closely at permissions in their kitchen devices—some of which may even send data to servers abroad.
Smart devices may add convenience, but some are collecting more data than users expect. The investigation by Which? uncovered three brands of smart air fryers—Xiaomi, Aigostar, and Cosori—requesting permissions that go well beyond standard cooking functions. This includes access to data like location and audio. These permissions are generally enabled through apps on users’ phones, allowing data to be sent to external servers without clear reasons.
Which? noted that Xiaomi’s air fryer app, for example, connects to multiple trackers, including those from Facebook, TikTok’s Pangle, and Tencent, depending on where the user is located. Aigostar, meanwhile, asked for optional information like gender and birthdate at setup.
Data privacy advocate Harry Rose, editor of Which? magazine, stated, “Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon.”
Consumer Rights and the Call for Clearer Privacy Standards
Privacy scores from Which? flagged Cosori as the brand with the weakest privacy protections. The brand scored only 41% based on issues in consent, data security, and tracking practices. In response, Which? is urging for more transparency in data collection processes. This call comes as the UK’s Information Commissioner’s Office (ICO) prepares new guidelines expected in 2025.
The ICO aims to set clear rules for data protection in smart products, outlining what data manufacturers can collect and how. Which? further emphasized that data collection should always prioritize user consent and clarity.
When asked for a response, Xiaomi stated, “We do not sell any personal information to third parties. The permission to record audio on Xiaomi Home app is not applicable to Xiaomi smart air fryer which does not operate directly through voice commands and video chat.”
Cosori asserted that its products follow GDPR guidelines but refrained from further comment. Aigostar, however, declined to respond.
Practical Tips for Consumers
For users concerned about privacy, Which? recommends taking steps to check device permissions.
When setting up a smart device, users should only ever allow necessary authorizations. For instance, a cooking device asking for location access is a red flag. Consumers may also manually opt out of these access in their settings when possible.
Consumers are also advised to consider data storage locations. Devices that send data to external servers outside their country could carry higher risks.
“Compared to smartphones and laptops, excessive data collection from household connected devices carries an even greater risk of data breaches: most people are not an even aware of the scale and volume of the data collected by these devices,” emphasized Megha Kumar, chief product officer at consultancy firm CyXcel.
With the growing popularity of smart appliances, being mindful of data access in household devices is essential for protecting personal privacy.