A Reference Design Model to Manage Consent in Data Subjects-Centered Internet of Things Devices
Author:
Khatiwada Pankaj (1), Yang Bian (1), Lin Jia-Chun (1), Mugurusi Godfrey (2), Underbekken Stian (3)
Affiliation:
1. Department of Information Security and Communication Technology (IIK), Norwegian University of Science and Technology (NTNU), 7034 Trondheim, Norway
2. Department of Industrial Economics and Technology Management (IØT), Norwegian University of Science and Technology (NTNU), 7034 Trondheim, Norway
3. IKOMM AS, 2624 Lillehammer, Norway
Abstract
Internet of Things (IoT) devices have changed how billions of people in the world connect and interact with each other. But, as more people use IoT devices, many questions arise about how these devices handle private data and whether they properly ask for permission when using it. Due to information privacy regulations such as the EU’s General Data Protection Regulation (GDPR), which requires companies to seek permission from data subjects (DS) before using their data, it is crucial for IoT companies to obtain this permission correctly. However, this can be really challenging in the IoT world because people often find it difficult to interact with and manage multiple IoT devices under their control. Also, the rules about privacy are not always clear. As such, this paper proposes a new model to improve how consent is managed in the world of IoT. The model seeks to minimize “consent fatigue” (when people get tired of always being asked for permission) and give DS more control over how their data are shared. This includes having default permission settings, being able to compare similar devices, and, in the future, using AI to give personalized advice. The model allows users to easily review and change their IoT device permissions if previous conditions are not met. It also emphasizes the need for easily understandable privacy rules, clear communication with users, and robust tracking of consent for data usage. By using this model, companies that provide IoT services can do a better job of protecting user privacy and managing DS consent. In addition, companies can more easily comply with data protection laws and build stronger relationships with their customers.
Funder
Regionalt Forskningsfond Innlandet Research Council of Norway, Health Democratization project