Open Access Article

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Department of Computing & Informatics, Bournemouth University, Fern Barrow, Poole BH12 5BB, UK
*
Author to whom correspondence should be addressed.
These authors contributed equally to this work.
Future Internet 2020, 12(5), 93; https://doi.org/10.3390/fi12050093
Received: 9 March 2020 / Revised: 1 May 2020 / Accepted: 18 May 2020 / Published: 24 May 2020
(This article belongs to the Special Issue Future and Emerging topics in Security for Cyber-Physical Systems)
Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.
Keywords: contextual integrity; privacy; risk; Data Protection Impact Assessment; DPIA; General Data Protection Regulation; GDPR
MDPI and ACS Style

Henriksen-Bulmer, J.; Faily, S.; Jeary, S. DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems. Future Internet 2020, 12, 93.

