Realising the right to data portability for the domestic Internet of Things

There is an increasing role for the IT design community to play in regulation of emerging IT. Article 25 of the EU General Data Protection Regulation (GDPR) 2016 puts this on a strict legal basis by establishing the need for information privacy by design and default (PbD) for personal data-driven technologies. Against this backdrop, we examine legal, commercial and technical perspectives around the newly created legal right to data portability (RTDP) in GDPR. We are motivated by a pressing need to address regulatory challenges stemming from the Internet of Things (IoT). We need to find channels to support the protection of these new legal rights for users in practice. In Part I we introduce the internet of things and information PbD in more detail. We briefly consider regulatory challenges posed by the IoT and the nature and practical challenges surrounding the regulatory response of information privacy by design. In Part II, we look in depth at the legal nature of the RTDP, determining what it requires from IT designers in practice but also limitations on the right and how it relates to IoT. In Part III we focus on technical approaches that can support the realisation of the right. We consider the state of the art in data management architectures, tools and platforms that can provide portability, increased transparency and user control over the data flows. In Part IV, we bring our perspectives together to reflect on the technical, legal and business barriers and opportunities that will shape the implementation of the RTDP in practice, and how the relationships may shape emerging IoT innovation and business models. We finish with brief conclusions about the future for the RTDP and PbD in the IoT

Privacy Shielding by Design - A Strategies Case for Near-Compliance

Contains fulltext : 166140.pdf (preprint version ) (Open Access)REW: 2016 IEEE 24th International Requirements Engineering Conference Workshops, 12-16 September 2016, Beijing, Chin

A System of Privacy Patterns for User Control

Contains fulltext : 191709.pdf (publisher's version ) (Open Access

PRIVACY BY DESIGN FOR LOCAL ENERGY COMMUNITIES

Contains fulltext : 195395.pdf (publisher's version ) (Open Access

Privacy architectural strategies: an approach for achieving various levels of privacy protection

A wide array of Privacy-Enhancing Technologies (PETs) have been proposed as technical measures to provide various levels of privacy protection. Each technical measure is a building block that addresses specific privacy issues and is applicable to specific contexts. Existing approaches, however, do not provide step-by-step guidance to illustrate how these PETs can be appropriately adopted in a contextual and structured manner. From an engineering perspective, it is important to illustrate precisely how to design and implement privacy requirements and incorporate them into software architectures, as well as to choose between alternative PETs. We present an engineering approach to Privacy by Design (PbD) that uses the concept of architectural strategies to support the adoption of PETs in the early stages of the design process to achieve various levels of privacy protection. These strategies are collections of architectural tactics, which are described through design patterns and realised by PETs. We illustrate the approach’s use in the context of eToll pricing systems and argue that this contribution lays the foundation for developing appropriate privacy engineering methodologies