Ensuring Privacy Policy Compliance of Wearables with IoT Regulations

The proliferation of the Internet of Things (IoT) has led to an exponential increase in data generation, especially from wearable IoT devices. While this data influx offers unparalleled insights and connectivity, it also brings significant privacy and security challenges. Existing regulatory frameworks like the United States (US) National Institute of Standards and Technology Interagency or Internal Report (NISTIR) 8228, the US Health Insurance Portability and Accountability Act (HIPAA), and the European Union (EU) General Data Protection Regulation (GDPR) aim to address these challenges but often operate in isolation, making their compliance in the vast IoT ecosystem inconsistent. This paper presents the IoT-Reg ontology, a holistic semantic framework that amalgamates these regulations, offering a stratified approach based on the IoT data lifecycle stages and providing a comprehensive yet granular approach to IoT data handling practices. The IoT-Reg ontology aims to transform the IoT domain into a realm where regulatory controls are seamlessly integrated system components by emphasizing risk management, compliance, and the pivotal role of manufacturers' privacy policies, ensuring consistent adherence, enhancing user trust, and promoting a privacy-centric IoT environment. We include the results of validating this framework against risk mitigation for Wearable IoT devices.

show abstract

A Systematic Review of Privacy Policy Literature

Javed,

Sajid

2024

ACM Comput. Surv.

View full text Add to dashboard Cite

An organization’s privacy policy states how it collects, stores, processes, and shares its users’ personal information. The growing number of data protection laws and regulations as well as the numerous sectors where the organizations are collecting user information, has led to the investigation of privacy policies with regards to their accessibility, readability, completeness, comparison with organization’s actual data practices, use of machine learning/natural language processing for automated analysis, and comprehension/perception/concerns of end-users via summarization/visualization tools and user studies. However, there is limited work on systematically reviewing the existing research on this topic. We address this gap by conducting a systematic review of the existing privacy policy literature. To this end, we compiled and analyzed 202 papers (published till 31 st December 2023) that investigated privacy policies. Our work advances the field of privacy policies by summarizing the analysis techniques that have been used to study them, the data protection laws/regulations explored, and the sectors to which these policies pertain. We provide actionable insights for organizations to achieve better end-user privacy.

show abstract

Ensuring Privacy Policy Compliance of Wearables with IoT Regulations

Cited by 3 publications

References 36 publications

Human-Centered Edge AI and Wearable Technology for Workplace Health and Safety in Industry 5.0

Human-Centered Edge AI and Wearable Technology for Workplace Health and Safety in Industry 5.0

IoT-Reg: A Comprehensive Knowledge Graph for Real-Time IoT Data Privacy Compliance

A Systematic Review of Privacy Policy Literature

Contact Info

Product

Resources

About