More Web Proxy on the site http://driver.im/

research-article

IoT App Development: Supporting Data Protection by Design and Default

Authors:

Anthony BrownAuthors Info & Claims

UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers

Pages 901 - 910

https://doi.org/10.1145/3267305.3274151

Published: 08 October 2018 Publication History

Abstract

In the domestic IoT domain, data is often collected by physical sensors and actuators embedded in the household and used to provide contextually relevant services to end users. Given that this data is often personal, the EU's General Data Protection Regulation can implicate IoT app developers, requiring them to adhere to "data protection by design and default" to ensure safeguards that protect a data subject's rights. Yet the simple-to-use task-oriented development environments that are commonly used to build domestic IoT apps provide little support for developers to engage with data protection measures. In this paper we present an overview of an IoT development environment that has been designed to help developers engage with data protection at app design time. We describe a data tracking feature, which makes all personal flows in an app explicit at development time and which provides the foundation for an additonal set of data protection measures, including personal data disclosure risk assessments, transparency of processing and runtime inspection.

References

[1]

Home Assistant. 2018. Home Assistant. (2018). Retrieved July 26, 2018 from https://www.home-assistant.io.

[2]

Amir Chaudhry, Jon Crowcroft, Heidi Howard, Anil Madhavapeddy, Richard Mortier, Hamed Haddadi, and Derek McAuley. 2015. Personal Data: Thinking Inside the Box. In Proceedings of The Fifth Decennial Aarhus Conference on Critical Alternatives (CA '15). Aarhus University Press, 29--32.

Digital Library

[3]

data.gov.uk Library. 2017. MyDex. https://data.gov.uk/library/mydex. (Apr 2017).

[4]

Yves-Alexandre de Montjoye, Erez Shmueli, Samuel S Wang, and Alex Sandy Pentland. 2014. openpds: Protecting the privacy of metadata through safeanswers. PloS one 9, 7 (2014), e98790.

[5]

Lilian Edwards and Michael Veale. 2017. Slave to the Algorithm: Why a Right to an Explanation Is Probably Not the Remedy You Are Looking for. Duke Law & Technology Review 16 (2017), 18.

[6]

Google. 2018. Attacking Discrimination in ML. (2018). Retrieved July 26, 2018 from https://research.google.com/bigpicture/attacking-discrimination-in-ml.

[7]

Justin Huang and Maya Cakmak. 2015. Supporting Mental Model Accuracy in Trigger-action Programming. In Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '15). ACM, New York, NY, USA, 215--225.

Digital Library

[8]

IFTTT. 2018. IFTTT. (2018). Retrieved July 26, 2018 from https://ifttt.com.

[9]

Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, and Robert Morris. 2007. Information Flow Control for Standard OS Abstractions. In Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles (SOSP '07). ACM, New York, NY, USA, 321--334.

Digital Library

[10]

Peng Liu, Dale Willis, and Suman Banerjee. 2016. Paradrop: Enabling lightweight multi-tenancy at the network's extreme edge. In Edge Computing (SEC), IEEE/ACM Symposium on. IEEE, 1--13.

[11]

J Paul Morrison. 1994. Flow-based programming. In Proceedings of the 1st International Workshop on Software Engineering for Parallel and Distributed Systems. 25--29.

[12]

Mozilla. 2018. Project Things. (2018). Retrieved July 26, 2018 from https://iot.mozilla.org.

[13]

Mark W Newman. 2006. Now we're cooking: Recipes for end-user service composition in the digital home. (2006).

[14]

M. Oltrogge, E. Derr, C. Stransky, Y. Acar, S. Fahl, C. Rossow, G. Pellegrino, S. Bugiel, and M. Backes. 2018. The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. In 2018 IEEE Symposium on Security and Privacy (SP). 634--647.

[15]

OpenHAB. 2018. OpenHAB. (2018). Retrieved July 26, 2018 from https://www.openhab.org.

[16]

Stringify. 2018. Stringify. (2018). Retrieved July 26, 2018 from https://www.stringify.com.

[17]

Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das, and Limin Jia. 2017. Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes. In Proceedings of the 26th International Conference on World Wide Web (WWW '17). International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland, 1501--1510.

Digital Library

[18]

Gary M. Weiss and Jeffrey W. Lockhart. 2011. Identifying User Traits by Mining Smart Phone Accelerometer Data. In Proceedings of the Fifth International Workshop on Knowledge Discovery from Sensor Data (SensorKDD '11). ACM, New York, NY, USA, 61--69.

Digital Library

[19]

Wikipedia. 2018a. Apple HomeKit. (2018). Retrieved July 26, 2018 from https://en.wikipedia.org/wiki/HomeKit.

[20]

Wikipedia. 2018b. Samsung Smart Things. (2018). Retrieved July 26, 2018 from https://en.wikipedia.org/wiki/SmartThings.

[21]

Yeti. 2018. Yeti. (2018). Retrieved July 26, 2018 from https://getyeti.co.

[22]

Zapier. 2018. Zapier. (2018). Retrieved July 26, 2018 from https://zapier.com.

Cited By

Porambage PLiyanage MSandeepa CPorambage PLiyanage M(2023)6G Privacy Challenges and Possible SolutionSecurity and Privacy Vision in 6G10.1002/9781119875437.ch14(201-226)Online publication date: 21-Jul-2023
https://doi.org/10.1002/9781119875437.ch14
Cloete RNorval CSingh J(2021)Auditable Augmented/Mixed/Virtual RealityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/34950015:4(1-24)Online publication date: 30-Dec-2021
https://dl.acm.org/doi/10.1145/3495001
Alkhatib SWaycott JBuchanan GGrobler MWang S(2021)Privacy by Design in Aged Care Monitoring Devices? Well, Not Quite Yet!32nd Australian Conference on Human-Computer Interaction10.1145/3441000.3441049(492-505)Online publication date: 15-Feb-2021
https://doi.org/10.1145/3441000.3441049
Show More Cited By

Index Terms

IoT App Development: Supporting Data Protection by Design and Default
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Privacy-Patterns for IoT Application Developers
UbiComp/ISWC '22 Adjunct: Adjunct Proceedings of the 2022 ACM International Joint Conference on Pervasive and Ubiquitous Computing and the 2022 ACM International Symposium on Wearable Computers

Designing Internet of things (IoT) applications (apps) is challenging due to the heterogeneous nature of the systems on which these apps are deployed. Personal data, often classified as sensitive, may be collected and analysed by IoT apps, where data ...
IoT Security & Privacy: Threats and Challenges
IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security

The era of the Internet of Things (IoT) has already started and it will profoundly change our way of life. While IoT provides us many valuable benefits, IoT also exposes us to many different types of security threats in our daily life. Before the advent ...
PARROT: Interactive Privacy-Aware Internet of Things Application Design Tool

Internet of Things (IoT) applications typically collect and analyse personal data that is categorised as sensitive or special category of personal data. These data are subject to a higher degree of protection under data privacy laws. Regardless of legal ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers

October 2018

1881 pages

ISBN:9781450359665

DOI:10.1145/3267305

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
University of Florida: University of Florida
SIGCHI: ACM Special Interest Group on Computer-Human Interaction

In-Cooperation

SIGSPATIAL: ACM Special Interest Group on Spatial Information

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 October 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Engineering and Physical Sciences Research Council

Conference

UbiComp '18

Sponsor:

SIGMOBILE
University of Florida
SIGCHI

UbiComp '18: The 2018 ACM International Joint Conference on Pervasive and Ubiquitous Computing

October 8 - 12, 2018

Singapore, Singapore

Acceptance Rates

Overall Acceptance Rate 663 of 2,523 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
297
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)1

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Porambage PLiyanage MSandeepa CPorambage PLiyanage M(2023)6G Privacy Challenges and Possible SolutionSecurity and Privacy Vision in 6G10.1002/9781119875437.ch14(201-226)Online publication date: 21-Jul-2023
https://doi.org/10.1002/9781119875437.ch14
Cloete RNorval CSingh J(2021)Auditable Augmented/Mixed/Virtual RealityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/34950015:4(1-24)Online publication date: 30-Dec-2021
https://dl.acm.org/doi/10.1145/3495001
Alkhatib SWaycott JBuchanan GGrobler MWang S(2021)Privacy by Design in Aged Care Monitoring Devices? Well, Not Quite Yet!32nd Australian Conference on Human-Computer Interaction10.1145/3441000.3441049(492-505)Online publication date: 15-Feb-2021
https://doi.org/10.1145/3441000.3441049
Wang QDatta PYang WLiu SBates AGunter CCavallaro LKinder JWang XKatz J(2019)Charting the Attack Surface of Trigger-Action IoT PlatformsProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3345662(1439-1453)Online publication date: 6-Nov-2019
https://dl.acm.org/doi/10.1145/3319535.3345662

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents