Skip to main content

Research Repository

See what's under the surface

IoT App Development: Supporting Data Protection by Design and Default

Lodge, Thomas; Crabtree, Andy; Brown, Anthony

Authors

Thomas Lodge

Andy Crabtree

Anthony Brown



Abstract

In the domestic IoT domain, data is often collected by phys- ical sensors and actuators embedded in the household and used to provide contextually relevant services to end users. Given that this data is often personal, the EU’s General Data Protection Regulation can implicate IoT app devel- opers, requiring them to adhere to "data protection by de- sign and default" to ensure safeguards that protect a data subject’s rights. Yet the simple-to-use task-oriented de- velopment environments that are commonly used to build domestic IoT apps provide little support for developers to engage with data protection measures. In this paper we present an overview of an IoT development environment that has been designed to help developers engage with data protection at app design time. We describe a data tracking feature, which makes all personal flows in an app explicit at development time and which provides the foun- dation for an additonal set of data protection measures, including personal data disclosure risk assessments, trans- parency of processing and runtime inspection.

Presentation Conference Type Conference Paper (unpublished)
Start Date Oct 8, 2018
Publication Date Oct 12, 2018
Publisher Association for Computing Machinery (ACM)
Pages 901-910
Book Title UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers
ISBN 978-1-4503-5966-5
Institution Citation Lodge, T., Crabtree, A., & Brown, A. (2018). IoT App Development: Supporting Data Protection by Design and Default. In UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers, 901-910. doi:10.1145/3267305.3274151
DOI https://doi.org/10.1145/3267305.3274151
Keywords Internet of Things, edge computing, Databox, data protection, GDPR, trusted application development, IDE

Files





Downloadable Citations