Aljeraisy, Atheer, Barati, Masoud, Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646 and Perera, Charith ORCID: https://orcid.org/0000-0002-0190-3346 2021. Privacy laws and privacy by design schemes for the Internet of Things: a developer’s perspective. ACM Computing Surveys 54 (5) , 102. 10.1145/3450965 |
Preview |
PDF
- Accepted Post-Print Version
Download (7MB) | Preview |
Abstract
Internet of Things (IoT) applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and could be challenging to extract and enact such legal requirements. In this paper, we have conducted a systematic analysis of the privacy and data protection laws that are used across different continents, namely: (i) General Data Protection Regulations (GDPR), (ii) the Personal Information Protection and Electronic Documents Act (PIPEDA), (iii) the California Consumer Privacy Act (CCPA), (iv) Australian Privacy Principles (APPs), and (v) New Zealand’s Privacy Act 1993. Then, we used framework analysis method to attain a comprehensive view of different \textcolor{blue}{privacy and} data protection laws and highlighted the disparities, in order to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, the key principles and individuals’ rights of the CPLF were mapped with Privacy by Design (PbD) schemes (e.g., privacy principles, strategies, guidelines, and patterns) developed previously by different researchers in order to investigate the gaps in existing schemes. Subsequently, we have demonstrated how to apply and map privacy patterns into IoT architectures at the design stage, and have also highlighted the complexity of doing such mapping. Finally, we have identified the major challenges that should be addressed and potential research directions in order to take the burden off software developers when applying privacy-preserving techniques that comply with privacy and data protection laws. We have released a companion technical report [3] that comprises all definitions, detailed steps on how we developed the CPLF, and detailed mappings between CPLF, and PbD schemes.
Item Type: | Article |
---|---|
Date Type: | Publication |
Status: | Published |
Schools: | Computer Science & Informatics |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Publisher: | Association for Computing Machinery (ACM) |
ISSN: | 0360-0300 |
Date of First Compliant Deposit: | 16 March 2021 |
Date of Acceptance: | 15 February 2021 |
Last Modified: | 02 Dec 2024 19:15 |
URI: | https://orca.cardiff.ac.uk/id/eprint/139754 |
Citation Data
Cited 5 times in Scopus. View in Scopus. Powered By Scopus® Data
Actions (repository staff only)
Edit Item |