Toward GDPR Compliance in IoT Systems

Allegue, Sahar; Rhahla, Mouna; Abdellatif, Takoua

doi:10.1007/978-3-030-45989-5_11

Cited by 9 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since GDPR came into effect, many studies have investigated its impact on smart home users and devices [13,21,45,57,59,73,81,94,97,103,121,177,178]. More research emerged into facilitating GDPR-compliant consent notices.…”

Section: User Studies In Data Protectionmentioning

confidence: 99%

Data Protection at a Discount: Investigating the UX of Data Protection from User, Designer, and Business Leader Perspectives

Chalhoub

Fléchais

2022

Proc. ACM Hum.-Comput. Interact.

View full text Add to dashboard Cite

Smart homes are dangerous - a sentiment arising from prior research exploring the user experience (UX) of data protection for smart home devices. While this research has explored data protection shortcomings for users, UX is a designed encounter reconciling development, economic, compliance and strategic business priorities. And so, in addition to studying user perspectives, there is a gap in understanding how designers and business leaders influence the UX of data protection. To address this gap, we study smart home users, designers and business leaders, exploring how they experience data protection interactions, regulation, and processes. Our findings confirm that users have poor data protection interactions (e.g., consent and data access requests). We also find that business leaders and designers experience difficulties in identifying, applying, and tailoring suitable processes and practices for data protection for which some have developed "discount data protection": shortcuts, heuristics, and common sense practices to overcome these challenges.

show abstract

Section: User Studies In Data Protectionmentioning

confidence: 99%

Data Protection at a Discount: Investigating the UX of Data Protection from User, Designer, and Business Leader Perspectives

Chalhoub

Fléchais

2022

Proc. ACM Hum.-Comput. Interact.

View full text Add to dashboard Cite

show abstract

“…Or in [14], a sociotechnical-security technique, extended with DP concepts to reason about compliance. Others take design time approaches such as [15] to understand complex requirement relationships or [16] for evaluating IoT compliance. Requirements are formalised to inform the SDLC in [17] and for healthcare systems in [18].…”

Section: B Software Gdpr Assessmentmentioning

confidence: 99%

Towards a Taxonomy for Evaluating Societal Concerns of Contact Tracing Apps

Welsh

Rekanar

Abbas

et al. 2020

2020 7th International Conference on Behavioural and Social Computing (BESC)

View full text Add to dashboard Cite

Contact Tracing (CT) is seen as a key tool in reducing the propagation of viruses, such as Covid-19. Given near ubiquitous societal usage of mobile devices, governments globally are choosing to augment manual CT with CT applications (CTAs) on smart phones. While a plethora of solutions have been spawned, their overall effectiveness is based on majority population uptake. Unfortunately, their rapid deployment and the nature of the information they gather has prompted a variety of user concerns such as information privacy and Data Protection (DP). Therefore selecting an optimal solution to maximise user trust and uptake is crucial. In this work, we present our initial deliberations towards a CTA evaluation taxonomy for societal concerns. This is a subset of a larger taxonomy which is being developed as part of the Science Foundation Ireland project -COVIGILANT, which will ultimately be utilized to evaluate and compare numerous CTAs to select the optimal solution for a given population. In this paper we present our preliminary CTAs with respect to the societal concerns of security, data protection and transparency. We then elaborate on these CTAs by means of two illustrative examples in order to promote discussion, evaluation and refinement.Index Terms-data-protection transparency covid-19 taxonomy GDPR mhealth,

show abstract