Gaëlle Kermorgant,Michèle Guilbot

DOI: https://doi.org/10.1007/978-3-030-14156-1_22

2019-01-01

Abstract:The General Data Protection Regulation (GDPR) is in force since May 25 2018. This has an important impact on the design and development of new technologies based on exploitation of data, in particular private data. Not complying with the requirements can have high financial consequences up to 4% of the worldwide turnover of a company as a fine. At first glance, GDPR seems to be a constraint. However the, this regulation offers also the opportunity to develop new services based on big data processing and become competitive in a domain, which is considered being the petroleum of the 21st century. The paper describes the impact and opportunities of the GDPR on the Internet of things (IoT) and connected cars by highlighting two examples:the first aims at improving road safety by calculating a risk factor based on analysis of driver behaviour, data collection and artificial intelligencethe second aims at improving road infrastructure by detecting road deficiencies or risk zone through in car data collection.

Lachlan Urquhart,Neelima Sailaja,Derek McAuley

DOI: https://doi.org/10.1007/s00779-017-1069-2

2018-01-23

Abstract:There is an increasing role for the IT design community to play in regulation of emerging IT. Article 25 of the EU General Data Protection Regulation (GDPR) 2016 puts this on a strict legal basis by establishing the need for information privacy by design and default (PbD) for personal data-driven technologies. Against this backdrop, we examine legal, commercial and technical perspectives around the newly created legal right to data portability (RTDP) in GDPR. We are motivated by a pressing need to address regulatory challenges stemming from the Internet of Things (IoT). We need to find channels to support the protection of these new legal rights for users in practice. In Part I we introduce the internet of things and information PbD in more detail. We briefly consider regulatory challenges posed by the IoT and the nature and practical challenges surrounding the regulatory response of information privacy by design. In Part II, we look in depth at the legal nature of the RTDP, determining what it requires from IT designers in practice but also limitations on the right and how it relates to IoT. In Part III we focus on technical approaches that can support the realisation of the right. We consider the state of the art in data management architectures, tools and platforms that can provide portability, increased transparency and user control over the data flows. In Part IV, we bring our perspectives together to reflect on the technical, legal and business barriers and opportunities that will shape the implementation of the RTDP in practice, and how the relationships may shape emerging IoT innovation and business models. We finish with brief conclusions about the future for the RTDP and PbD in the IoT.

Human-Computer Interaction,Computers and Society,Distributed, Parallel, and Cluster Computing

Lawrence J. Trautman,Mohammed T. Hussein,Louis Ngamassi,Mason J. Molesky

DOI: https://doi.org/10.48550/arXiv.2004.03765

2020-04-08

Abstract:Today's increasing rate of technological change results from the rapid growth in computer processing speed, when combined with the cost decline of processing capacity, and is of historical import. The daily life of billions of individuals worldwide has been forever changed by technology in just the last few years. Costly data breaches continue at an alarming rate. The challenge facing humans as they attempt to govern the process of artificial intelligence, machine learning, and the impact of billions of sensory devices connected to the Internet is the subject of this Article. We proceed in nine sections. First, we define the Internet of Things (IoT), comment on the explosive growth in sensory devices connected to the Internet, provide examples of IoT devices, and speak to the promise of the IoT. Second, we discuss legal requirements for corporate governance as a foundation for considering the challenge of governing the IoT. Third, we look at potential IoT threats. Fourth, we discuss the Mirai botnet. Fifth, is a look at the IoT threat vector vulnerabilities during times of crisis. Sixth, we discuss the Manufactured Usage Description (MUD) methodology. Seventh, is a discussion of recent regulatory developments. Next, we look at a few recommendations. And finally, we conclude. We believe this Article contributes to our understanding of the widespread exposure to malware associated with IoT and adds to the nascent but emerging literature on governance of enterprise risk, a subject of vital societal importance.

Computers and Society

Masoud Barati,Ioan Petri,Omer F. Rana

DOI: https://doi.org/10.1145/3344341.3368812

2019-12-02

Abstract:With recent adoption of Internet of Things (IoT) technologies and their use in industry, user data privacy concerns remain a major preoccupation of regulation bodies. The European General Data Protection Regulation (GDPR) enables users to control their data and be informed about any devices involved in collecting and processing this data. The overall objective is to enable individuals to have full rights and control over their data assets and to be able to transfer their data without any unmitigated risk. Blockchains provide the benefits of a distributed ledger that can securely manage digital transactions -- where the centralisation of data is eliminated. Blockchains have recently entered as an enabling technology into the IoT market, and used in a variety of different application areas. Blockchains enable the implementation of a more trusted system capable of processing operations between IoT services and sources of data. In smart buildings, for example, Blockchains support the formation of smart contracts as a means to give transactional capabilities to IoT devices, allowing users to keep data ownership and privacy using an immutable dataset. We describe how Blockchain technology can be used to develop an audit trail of data generated in IoT devices, enabling GDPR rules to be verified on such a trail. We describe how to translate a set of such rules into smart contracts to protect personal data in a transparent and automatic way.

Charith Perera,Rajiv Ranjan,Lizhe Wang,Samee U. Khan,Albert Y. Zomaya

DOI: https://doi.org/10.1109/MITP.2015.34

2015-06-08

Abstract:Over the last few years, we have seen a plethora of Internet of Things (IoT) solutions, products and services, making their way into the industry's market-place. All such solution will capture a large amount of data pertaining to the environment, as well as their users. The objective of the IoT is to learn more and to serve better the system users. Some of these solutions may store the data locally on the devices ('things'), and others may store in the Cloud. The real value of collecting data comes through data processing and aggregation in large-scale where new knowledge can be extracted. However, such procedures can also lead to user privacy issues. This article discusses some of the main challenges of privacy in IoT, and opportunities for research and innovation. We also introduce some of the ongoing research efforts that address IoT privacy issues.

Computers and Society,Databases,Networking and Internet Architecture

Chao Li,Balaji Palanisamy

DOI: https://doi.org/10.1109/jiot.2018.2864168

IF: 10.6

2019-02-01

IEEE Internet of Things Journal

Abstract:Ubiquitous deployment of low-cost smart devices and widespread use of high-speed wireless networks have led to the rapid development of the Internet of Things (IoT). IoT embraces countless physical objects that have not been involved in the traditional Internet and enables their interaction and cooperation to provide a wide range of IoT applications. Many services in the IoT may require a comprehensive understanding and analysis of data collected through a large number of physical devices that challenges both personal information privacy and the development of IoT. Information privacy in IoT is a broad and complex concept as its understanding and perception differ among individuals and its enforcement requires efforts from both legislation as well as technologies. In this paper, we review the state-of-the-art principles of privacy laws, the architectures for IoT and the representative privacy enhancing technologies (PETs). We analyze how legal principles can be supported through a careful implementation of PETs at various layers of a layered IoT architecture model to meet the privacy requirements of the individuals interacting with IoT systems. We demonstrate how privacy legislation maps to privacy principles which in turn drives the design of necessary PETs to be employed in the IoT architecture stack.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jaydip Sen,Subhasis Dasgupta

2023-04-01

Abstract:Recent developments in hardware and information technology have enabled the emergence of billions of connected, intelligent devices around the world exchanging information with minimal human involvement. This paradigm, known as the Internet of Things (IoT) is progressing quickly with an estimated 27 billion devices by 2025. This growth in the number of IoT devices and successful IoT services has generated a tremendous amount of data. However, this humongous volume of data poses growing concerns for user privacy. This introductory chapter has presented a brief survey of some of the existing data privacy-preservation schemes proposed by researchers in the field of the Internet of Things.

Cryptography and Security,Machine Learning

Sakshi Rai,Ujawal Rai,Chetan Randhye,Achal Amrutkar,Prof. Manisha More

DOI: https://doi.org/10.22214/ijraset.2023.57413

2023-12-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: The proliferation of Internet of Things (IoT) devices has transformed the way we interact with the digital world, offering unprecedented connectivity and convenience. However, this rapid expansion brings forth profound challenges concerning privacy, data protection, and security. This survey paper comprehensively explores the multifaceted landscape of IoT, dissecting its architecture, and delving into the intricate web of concerns surrounding user privacy, data safeguarding, and system security.Beginning with an examination of the IoT architecture, we dissect the interconnected layers, ranging from sensors to cloud platforms, illustrating the intricate pathways of data flow. The survey meticulously unfolds the privacy challenges embedded in the constant data collection, tracking, and profiling mechanisms intrinsic to IoT devices. Drawing on real-world examples, we underscore the tangible consequences of privacy breaches and the potential erosion of user trust.In the realm of data protection, we delve into the complexities of safeguarding data integrity, confidentiality, and availability within the IoT ecosystem. Regulatory frameworks, notably the General Data Protection Regulation (GDPR), are scrutinized for their impact on shaping data protection practices. Concurrently, the paper uncovers common security threats in IoT, emphasizing vulnerabilities in devices and the looming risks associated with unauthorized access and data breaches.Navigating through the regulatory landscape, the survey provides an overview of existing standards and regulations governing IoT. Case studies spotlight instances of privacy breaches, data protection lapses, and security vulnerabilities, offering practical insights into the implications of these incidents. Mitigation strategies, encompassing encryption, authentication, and access control, are explored to address the identified concerns.As the paper concludes, it synthesizes the key findings, emphasizing the urgency of continued efforts to fortify IoT against privacy, data protection, and security challenges. The survey anticipates future trends and challenges, offering a roadmap for researchers, policymakers, and industry stakeholders to collectively forge a secure and privacy-aware IoT landscape.

Shruti Vyas,Sagar Wankhede,Mayur Zodape,Divya Wagh,Prof. Sagar Tarekar

DOI: https://doi.org/10.48175/ijarsct-9147

2023-04-15

Abstract:The Internet of Things, an emerging global Internet-based technical architecture facilitating the exchange of goods and services in global supply chain networks has an impact on the security and privacy of the involved stakeholders. Measures ensuring the architecture's resilience to attacks, data authentication, access control and client privacy need to be established. An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector according to specific needs and thereby becomes easily adjustable. The contents of the respective legislation must encompass the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT

Sean Sirur,Jason R. C. Nurse,Helena Webb,Jason R.C. Nurse

DOI: https://doi.org/10.48550/arXiv.1808.07338

2018-08-22

Computers and Society

Abstract:The EU General Data Protection Regulation (GDPR), enforced from 25th May 2018, aims to reform how organisations view and control the personal data of private EU citizens. The scope of GDPR is somewhat unprecedented: it regulates every aspect of personal data handling, includes hefty potential penalties for non-compliance, and can prosecute any company in the world that processes EU citizens' data. In this paper, we look behind the scenes to investigate the real challenges faced by organisations in engaging with the GDPR. This considers issues in working with the regulation, the implementation process, and how compliance is verified. Our research approach relies on literature but, more importantly, draws on detailed interviews with several organisations. Key findings include the fact that large organisations generally found GDPR compliance to be reasonable and doable. The same was found for small-to-medium organisations (SMEs/SMBs) that were highly security-oriented. SMEs with less focus on data protection struggled to make what they felt was a satisfactory attempt at compliance. The main issues faced in their compliance attempts emerged from: the sheer breadth of the regulation; questions around how to enact the qualitative recommendations of the regulation; and the need to map out the entirety of their complex data networks.

Chris Jay Hoofnagle,Bart van der Sloot,Frederik Zuiderveen Borgesius

DOI: https://doi.org/10.1080/13600834.2019.1573501

2019-01-02

Abstract:This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union’s General Data Protection Regulation (‘GDPR’). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Kevin Fu,Tadayoshi Kohno,Daniel Lopresti,Elizabeth Mynatt,Klara Nahrstedt,Shwetak Patel,Debra Richardson,Ben Zorn

DOI: https://doi.org/10.48550/arXiv.2008.00017

2020-08-01

Abstract:The Internet of Things (IoT) is already transforming industries, cities, and homes. The economic value of this transformation across all industries is estimated to be trillions of dollars and the societal impact on energy efficiency, health, and productivity are enormous. Alongside potential benefits of interconnected smart devices comes increased risk and potential for abuse when embedding sensing and intelligence into every device. One of the core problems with the increasing number of IoT devices is the increased complexity that is required to operate them safely and securely. This increased complexity creates new safety, security, privacy, and usability challenges far beyond the difficult challenges individuals face just securing a single device. We highlight some of the negative trends that smart devices and collections of devices cause and we argue that issues related to security, physical safety, privacy, and usability are tightly interconnected and solutions that address all four simultaneously are needed. Tight safety and security standards for individual devices based on existing technology are needed. Likewise research that determines the best way for individuals to confidently manage collections of devices must guide the future deployments of such systems.

Computers and Society,Cryptography and Security

Abhijit Sudam Pavashe,Ankita Bajirao Sawant,Kishor Laxman Ghadage

DOI: https://doi.org/10.48175/ijarsct-9362

2023-04-23

Abstract:The Internet of Things (IoT) has revolutionized the way we live our lives, with an ever-increasing number of devices connecting to the internet and sharing data. However, this has also led to a growing concern over the impact of IoT on privacy and security. This research paper explores the impact of IoT on privacy and security, focusing on the various challenges and risks associated with the technology. The paper begins by examining the definition and concept of IoT and its potential benefits. It then delves into the various privacy and security issues arising from IoT, including data breaches, identity theft, and unauthorized access. The paper also discusses the different approaches and strategies that can be used to mitigate these risks, including encryption, access control, and data protection measures. The research paper also examines the legal and regulatory frameworks governing IoT privacy and security and analyses the challenges and gaps in these frameworks. The paper highlights the importance of creating a comprehensive and robust regulatory framework that addresses the unique challenges posed by IoT.

John KC Kingston

DOI: https://doi.org/10.48550/arXiv.1809.05762

IF: 14.4

2018-09-15

Artificial Intelligence

Abstract:The General Data Protection Regulation (GDPR) is a European Union regulation that will replace the existing Data Protection Directive on 25 May 2018. The most significant change is a huge increase in the maximum fine that can be levied for breaches of the regulation. Yet fewer than half of UK companies are fully aware of GDPR - and a number of those who were preparing for it stopped doing so when the Brexit vote was announced. A last-minute rush to become compliant is therefore expected, and numerous companies are starting to offer advice, checklists and consultancy on how to comply with GDPR. In such an environment, artificial intelligence technologies ought to be able to assist by providing best advice; asking all and only the relevant questions; monitoring activities; and carrying out assessments. The paper considers four areas of GDPR compliance where rule based technologies and/or machine learning techniques may be relevant: * Following compliance checklists and codes of conduct; * Supporting risk assessments; * Complying with the new regulations regarding technologies that perform automatic profiling; * Complying with the new regulations concerning recognising and reporting breaches of security. It concludes that AI technology can support each of these four areas. The requirements that GDPR (or organisations that need to comply with GDPR) state for explanation and justification of reasoning imply that rule-based approaches are likely to be more helpful than machine learning approaches. However, there may be good business reasons to take a different approach in some circumstances.

Vaclav Janecek

DOI: https://doi.org/10.31228/osf.io/6d7as

2019-04-11

Abstract:This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, the article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.

Yong Lee,Goo Yeon Lee

DOI: https://doi.org/10.3390/s21227592

IF: 3.9

2021-11-16

Sensors

Abstract:In recent years, as all actions of Internet users become information, the importance of personal information is emphasized, but in reality, the management of personal information is still insufficient. With the advent of the concept of sharing systems such as the sharing economy, the numbers of IoT application services (for example, a healthcare service using sharing IoT devices, or a vehicle sharing system with IoT devices) using users’ personal information are increasing, but the risk of using personal information is not managed. To solve this issue, the European GDPR stipulates the content of personal information protection. In this paper, we present a method to securely manage personal information in IoT devices in IoT application environments in accordance with the GDPR. We first describe the lifecycle stages of personal information occurring in IoT application services and propose a method to securely manage personal information at each stage of the lifecycle according to the flow of personal information in IoT devices. We also evaluated the usefulness and applicability of the proposed scheme through two service scenarios. Since the proposed method satisfies the requirements for personal information management in IoT application environments, it is expected to contribute to the development of the IoT business field that handles personal information.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Matthias Artzt,Tran Viet Dung

DOI: https://doi.org/10.2478/vjls-2022-0007

2022-12-01

Vietnamese Journal of Legal Sciences

Abstract:Abstract Artificial intelligence (AI) is the latest in a long wave of disruptive technology, offering significant benefits but also creating risks if deployed in an uncontrolled manner. Recognizing this, many countries around the world, including Vietnam, are making efforts to research and build a legal framework to regulate and manage the development of AI to ensure that this technology supports their socio-economic development. In this context, the legislative experience of the European Union, one of world’s leaders in digital technology, is of high significance. The European GDPR, adopted in 2016, has become the international standard in terms of data protection. The EU AI Act, which is currently in a draft stage and will come into force not before end of 2024, sets out horizontal rules for the development, commodification and use of AI-driven products, services and systems, including the AI system and data protection. This article particularly scrutinizes the interplay between both the AI Act/AI systems and the GDPR and considers the regulatory state of play as at October 2022.

Eva Rodríguez,Beatriz Otero,Ramon Canal

DOI: https://doi.org/10.3390/s23031252

IF: 3.9

2023-01-22

Sensors

Abstract:Recent advances in hardware and information technology have accelerated the proliferation of smart and interconnected devices facilitating the rapid development of the Internet of Things (IoT). IoT applications and services are widely adopted in environments such as smart cities, smart industry, autonomous vehicles, and eHealth. As such, IoT devices are ubiquitously connected, transferring sensitive and personal data without requiring human interaction. Consequently, it is crucial to preserve data privacy. This paper presents a comprehensive survey of recent Machine Learning (ML)- and Deep Learning (DL)-based solutions for privacy in IoT. First, we present an in depth analysis of current privacy threats and attacks. Then, for each ML architecture proposed, we present the implementations, details, and the published results. Finally, we identify the most effective solutions for the different threats and attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ons Aouedi,Thai-Hoc Vu,Alessio Sacco,Dinh C. Nguyen,Kandaraj Piamrat,Guido Marchetto,Quoc-Viet Pham

2024-06-21

Abstract:The rapid advances in the Internet of Things (IoT) have promoted a revolution in communication technology and offered various customer services. Artificial intelligence (AI) techniques have been exploited to facilitate IoT operations and maximize their potential in modern application scenarios. In particular, the convergence of IoT and AI has led to a new networking paradigm called Intelligent IoT (IIoT), which has the potential to significantly transform businesses and industrial domains. This paper presents a comprehensive survey of IIoT by investigating its significant applications in mobile networks, as well as its associated security and privacy issues. Specifically, we explore and discuss the roles of IIoT in a wide range of key application domains, from smart healthcare and smart cities to smart transportation and smart industries. Through such extensive discussions, we investigate important security issues in IIoT networks, where network attacks, confidentiality, integrity, and intrusion are analyzed, along with a discussion of potential countermeasures. Privacy issues in IIoT networks were also surveyed and discussed, including data, location, and model privacy leakage. Finally, we outline several key challenges and highlight potential research directions in this important area.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security,Emerging Technologies,Machine Learning

Lachlan Urquhart,Derek McAuley

DOI: https://doi.org/10.1016/j.clsr.2017.12.004

2018-06-01

Abstract:Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things.

law