11 research outputs found
Realising the right to data portability for the domestic Internet of Things
There is an increasing role for the IT design community to play in regulation
of emerging IT. Article 25 of the EU General Data Protection Regulation (GDPR)
2016 puts this on a strict legal basis by establishing the need for information
privacy by design and default (PbD) for personal data-driven technologies.
Against this backdrop, we examine legal, commercial and technical perspectives
around the newly created legal right to data portability (RTDP) in GDPR. We are
motivated by a pressing need to address regulatory challenges stemming from the
Internet of Things (IoT). We need to find channels to support the protection of
these new legal rights for users in practice. In Part I we introduce the
internet of things and information PbD in more detail. We briefly consider
regulatory challenges posed by the IoT and the nature and practical challenges
surrounding the regulatory response of information privacy by design. In Part
II, we look in depth at the legal nature of the RTDP, determining what it
requires from IT designers in practice but also limitations on the right and
how it relates to IoT. In Part III we focus on technical approaches that can
support the realisation of the right. We consider the state of the art in data
management architectures, tools and platforms that can provide portability,
increased transparency and user control over the data flows. In Part IV, we
bring our perspectives together to reflect on the technical, legal and business
barriers and opportunities that will shape the implementation of the RTDP in
practice, and how the relationships may shape emerging IoT innovation and
business models. We finish with brief conclusions about the future for the RTDP
and PbD in the IoT
Privacy Shielding by Design - A Strategies Case for Near-Compliance
Contains fulltext :
166140.pdf (preprint version ) (Open Access)REW: 2016 IEEE 24th International Requirements Engineering Conference Workshops, 12-16 September 2016, Beijing, Chin
A System of Privacy Patterns for User Control
Contains fulltext :
191709.pdf (publisher's version ) (Open Access
PRIVACY BY DESIGN FOR LOCAL ENERGY COMMUNITIES
Contains fulltext :
195395.pdf (publisher's version ) (Open Access
Privacy architectural strategies: an approach for achieving various levels of privacy protection
A wide array of Privacy-Enhancing Technologies (PETs) have been
proposed as technical measures to provide various levels of privacy
protection. Each technical measure is a building block that
addresses specific privacy issues and is applicable to specific contexts.
Existing approaches, however, do not provide step-by-step
guidance to illustrate how these PETs can be appropriately adopted
in a contextual and structured manner. From an engineering perspective,
it is important to illustrate precisely how to design and
implement privacy requirements and incorporate them into software
architectures, as well as to choose between alternative PETs.
We present an engineering approach to Privacy by Design (PbD)
that uses the concept of architectural strategies to support the adoption
of PETs in the early stages of the design process to achieve
various levels of privacy protection. These strategies are collections
of architectural tactics, which are described through design patterns
and realised by PETs. We illustrate the approachâs use in the
context of eToll pricing systems and argue that this contribution
lays the foundation for developing appropriate privacy engineering
methodologies