Private Data Delete: this will leave the hub unusable

Trying to be secure with my private data, I accepted the option to delete in the Smartthings App. Unknowingly and not warned, I told Smarthrhings to delete my hub and all devices. Not sure if I should be upset with myself or wonder why Smartthings should be more detailed on what “personal data” means.

Now I have a configed hub and cannot get the Smarthings App to reconginize it. I cannot find any posts to do this. Only option seems to be a factory reset. Also, not seeing anything in the IDE so I assume the delete private data was also done on the servers.

Is a full factory reset on the hub and a start over in order for me?

Yikes. Sounds like it.

To be clear, did you choose this option in the app under settings?

Yeah, unfortunately I did. Obviously personal data means something different in Smartthings than normal. Fortunately I am just getting into this and only have a dozen devices to reconfigure and a few scenes.

We are in the “new normal“ now, post GDPR. This is a European regulation that went into effect last year and requires that companies allow individuals to delete any “personal information.“ Doing so means you will no longer be able to use the service, because as a primarily cloud-based system, smartthings keeps a lot of information about you as part of providing you with the cloud.

This is detailed in the privacy policy which is linked to above the delete option.

It is not mandatory to provide any of the personal data described above to SmartThings, but if you choose not to, you may not be able to receive any of the Services described below, access certain parts of our websites, or receive information from us that you have requested.
.
Personal Data Collected Automatically
.
Whenever you interact with our Services (whether via a mobile application, our IoT plug-ins, third party services, SmartApp, browser, or other application, connecting a physical device to our services, connecting a third party service to our services, or otherwise), we automatically receive and record information on our servers, logs and databases from your browser, application, services or device(s). In particular, our Services are designed to allow you to connect various physical devices (e.g., the SmartThings Hub, and associated SmartThings and third party sensors and other devices) to the Services. While connected to the Services, these devices automatically report information to our servers (including information that you may have provided when setting up or configuring that device), which may include personal data. For example, if you connect a temperature sensor to the Services, the temperature information from that sensor will be transmitted to the Services, along with any identifying information that you have chosen to associate with that sensor (e.g., the device name, group name, and location name that you have assigned to the sensor within the Services). The type of information that is collected from each device will vary depending on the device type.

This is a pretty standard definition of “personal data“ now under the new GDPR regulation, and you will see most cloud-based systems with something similar.

2 Likes

You would think deleting personal data would only clear device history, not reset the entire hub.

2 Likes

That was my thought. Or atleast have a warning that ‘all’ device information (which does not have identifiable information) will be deleted too.

Btw, I work in IT for a company which does business in Europe and we have to understand their data privacy laws and ensure the “personally identifiable data is protected”. No mention of non personal data in software which would include configuration data.

3 Likes

Samsung has defined device names and room names (as described in the privacy policy) as “personal information.”

identifying information that you have chosen to associate with that sensor (e.g., the device name, group name, and location name that you have assigned to the sensor within the Services

So once you get to that point, they apparently decided just to blast it back to factory settings.

They aren’t alone in this. GDPR specifically says that location ID, age category (“nursery”) and “Device ID” count as “personal data.” So does IP address.

Not everyone calls a room in their house “Michael’s room.” But a lot of people do, as shown in the examples posted to this forum. Or give away the age group of a child. Quite a few companies have made the decision that rather than figure out what user-created identifiers might be personal information, they’ll just delete it all.

I agree absolutely there should be a second chance statement that tells you deleting the information will leave your system unusable. It’s buried deep in the privacy policy, but I think it should be highlighted at the decision point.

But the fact that it will be unusable for a cloud based system is going to be true for many companies because of the “Device ID” inclusion in the GDPR definition.

Submitted with respect.

5 Likes

I’m good with your explanation. But I think we can agree the app should be very obvious to explain what you will be doing if you continue. As a software deverloper, that is a standard to get a confirmation from the user. Especially when the action will basically delete the system.

6 Likes

Update on the “wipe-out”. Finally back to reconfiguring all hub and devices. Still need to rebuild automations and scenes. Luckily I only had 3 switches, 2 dimmer switches, a motion sensor switch and a Lutron integration (4 devices). So not too bad.

  • Factory reset of Smartthings Hub (v3) and extended wifi hubs
  • Factory reset of devices (each had their own unique process it seemed (trial and error) but got them reset.
  • Reconfigured wifi hubs
  • Re-paired devices to hub
  • Lutron, delete existing and recreated Smartthings integration. All existing Lutron devices appeared in Smarththings app.
  • Reinstall device handler.

I guess you could say I ended up being my own backup/restore. :slight_smile:

2 Likes

I had about 120 devices and made the same mistake. I thought I was deleting personal data not deleting everything in my account. There was a warning but my finger was still on the screen and it was accepted before being able to read it.