Privacy Engineering for Domestic IoT: Enabling Due Diligence

Lodge, Tom; Crabtree, Andy

doi:10.3390/s19204380

Cited by 9 publications

(10 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DPbD supports system security, along with a range of data protection measures, for example, data minimisation, pseudonymisation, and transparency. While the legal requirement for DPbD should be enough of an incentive for developers to accept its core principles, its widespread adoption has not yet been proven with regard to engineering processes [30]. This could be because its principles are rather disconnected from the real-life practice of systems engineering.…”

Section: Privacy By Design and Data Protection By Design And By Defaultmentioning

confidence: 99%

“…This could be because its principles are rather disconnected from the real-life practice of systems engineering. In addition, it can be difficult to translate between the some of the vague terminology contained in the regulations [30]. The meaning of the concepts of Privacy by Design and by Default developed by Cavoukian and GDPR is similar, but they differ in regard to structure.…”

Section: Privacy By Design and Data Protection By Design And By Defaultmentioning

confidence: 99%

“…The controller of the mobile application has to maintain privacy policies as they are an essential aspect that involves data subjects, users, and aspects of processing; furthermore, it is crucial to follow the laws that stipulate those policies. Privacy patterns 10,11,15,20,21,30,36,37,39,45 and 59 all focus on solving privacy issues in regard to privacy policies. Since privacy policies usually tend to be complex and long, these privacy patterns are concerned about balancing these policies with regard to accessibility, alongside being comprehensive from a legal perspective.…”

Section: Mapping Privacy Patterns To Iot Architecturementioning

confidence: 99%

“…Furthermore, they do not just rely on the users, which is an important part of the processing, but also implement the laws that mandate these policies. Privacy patterns 10,11,15,20,21,30,36,37,39,45 and 59 all concentrate on solving the privacy issues addressed in privacy policies. This is because privacy policies typically tend to be complicated and very long.…”

Section: Mapping Privacymentioning

confidence: 99%

“…Privacy by Design (PbD) [27] is a fairly new system that works to embed privacy practice more deeply and effectively into the development process [30,59]. REGULATION (EU) 2016/679 General Data Protection Regulation (GDPR) [1] confirms the importance of this and is applicable to all systems that manage personal data processing -a common feature of IoT applications.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Privacy Laws and Privacy by Design Schemes for the Internet of Things

et al. 2021

View full text Add to dashboard Cite

Internet of Things applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague and could be challenging to extract and enact such legal requirements. In this article, we have conducted a systematic analysis of the privacy and data protection laws that are used across different continents, namely (i) General Data Protection Regulations, (ii) the Personal Information Protection and Electronic Documents Act, (iii) the California Consumer Privacy Act, (iv) Australian Privacy Principles, and (v) New Zealand’s Privacy Act 1993. Then, we used framework analysis method to attain a comprehensive view of different privacy and data protection laws and highlighted the disparities to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, the key principles and individuals’ rights of the CPLF were mapped with Privacy by Design (PbD) schemes (e.g., privacy principles, strategies, guidelines, and patterns) developed previously by different researchers to investigate the gaps in existing schemes. Subsequently, we have demonstrated how to apply and map privacy patterns into IoT architectures at the design stage and have also highlighted the complexity of doing such mapping. Finally, we have identified the major challenges that should be addressed and potential research directions to take the burden off software developers when applying privacy-preserving techniques that comply with privacy and data protection laws. We have released a companion technical report [3] that comprises all definitions, detailed steps on how we developed the CPLF, and detailed mappings between CPLF and PbD schemes.

show abstract

Section: Privacy By Design and Data Protection By Design And By Defaultmentioning

confidence: 99%

Section: Privacy By Design and Data Protection By Design And By Defaultmentioning

confidence: 99%

Section: Mapping Privacy Patterns To Iot Architecturementioning

confidence: 99%

Section: Mapping Privacymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Privacy Laws and Privacy by Design Schemes for the Internet of Things

et al. 2021

View full text Add to dashboard Cite

show abstract

Privacy Design Strategies and the GDPR: A Systematic Literature Review

Saltarella

Desolda

Lanzilotti

2021

HCI for Cybersecurity, Privacy and Trust

View full text Add to dashboard Cite

Revisiting the Digital Plumber: Modifying the Installation Process of an Established Commercial IoT Alarm System

Castle-Green

Reeves

Fischer

et al. 2023

Comput Supported Coop Work

View full text Add to dashboard Cite

The ‘digital plumber’ is a conceptualisation in ubicomp research that describes the work of installing and maintaining IoT devices. But an important and often understated element of commercial IoT solutions is their long-term socio-technical infrastructural nature, and therefore long-term installation and maintenance needs. This adds complexity to both the practice of digital plumbing and to the work of design that supports it. In this paper we study a commercial company producing and installing IoT alarm systems. We examine video recordings that capture how a digital plumbing representative and software development team members make changes to both the installation process and supporting technology. Our data enables us to critically reflect on concepts of infrastructuring, and uncover the ways in which the team methodically foreground hidden elements of the infrastructure to address a point of failure experienced during field trials of a new version of their product. The contributions from this paper are twofold. Firstly, our findings build on previous examples of infrastructuring in practice by demonstrating the use of notions of elemental states to support design reasoning through the continual foregrounding and assessment of tensions identified as key factors at the point of failure. Secondly, we build on current notions of digital plumbing work. We argue that additional responsibilities of ‘reporting failure’ and ‘facilitation of change’ are part of the professional digital plumbing role and that commercial teams should support these additional responsibilities through collaborative troubleshooting and design sessions alongside solid communication channels with related stakeholders within the product team.

show abstract

Privacy Engineering for Domestic IoT: Enabling Due Diligence

Cited by 9 publications

References 20 publications

Privacy Laws and Privacy by Design Schemes for the Internet of Things

Privacy Laws and Privacy by Design Schemes for the Internet of Things

Privacy Design Strategies and the GDPR: A Systematic Literature Review

Revisiting the Digital Plumber: Modifying the Installation Process of an Established Commercial IoT Alarm System

Contact Info

Product

Resources

About