Next Article in Journal
Data-Driven Calibration of Soil Moisture Sensor Considering Impacts of Temperature: A Case Study on FDR Sensors
Previous Article in Journal
Analysis of Agile Canine Gait Characteristics Using Accelerometry
Previous Article in Special Issue
An Aggregate Signature Scheme Based on a Trapdoor Hash Function for the Internet of Things
Open AccessArticle

Privacy Engineering for Domestic IoT: Enabling Due Diligence

School of Computer Science, University of Nottingham, Nottingham NG7 2RD, UK
*
Authors to whom correspondence should be addressed.
Sensors 2019, 19(20), 4380; https://doi.org/10.3390/s19204380
Received: 12 August 2019 / Revised: 16 September 2019 / Accepted: 28 September 2019 / Published: 10 October 2019
(This article belongs to the Special Issue Security and Privacy in Internet of Things)
The EU’s General Data Protection Regulation (GDPR) has recently come into effect and insofar as Internet of Things (IoT) applications touch EU citizens or their data, developers are obliged to exercise due diligence and ensure they undertake Data Protection by Design and Default (DPbD). GDPR mandates the use of Data Protection Impact Assessments (DPIAs) as a key heuristic enabling DPbD. However, research has shown that developers generally lack the competence needed to deal effectively with legal aspects of privacy management and that the difficulties of complying with regulation are likely to grow considerably. Privacy engineering seeks to shift the focus from interpreting texts and guidelines or consulting legal experts to embedding data protection within the development process itself. There are, however, few examples in practice. We present a privacy-oriented, flow-based integrated development environment (IDE) for building domestic IoT applications. The IDE enables due diligence in (a) helping developers reason about personal data during the actual in vivo construction of IoT applications; (b) advising developers as to whether or not the design choices they are making occasion the need for a DPIA; and (c) attaching and making available to others (including data processors, data controllers, data protection officers, users and supervisory authorities) specific privacy-related information that has arisen during an application’s development. View Full-Text
Keywords: general data protection regulation (GDPR); data protection by design and default (DPbD); data protection impact assessment (DPIA); due diligence; privacy engineering; internet of things (IoT); databox; integrated development environment (IDE) general data protection regulation (GDPR); data protection by design and default (DPbD); data protection impact assessment (DPIA); due diligence; privacy engineering; internet of things (IoT); databox; integrated development environment (IDE)
Show Figures

Figure 1

MDPI and ACS Style

Lodge, T.; Crabtree, A. Privacy Engineering for Domestic IoT: Enabling Due Diligence. Sensors 2019, 19, 4380.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop