GDPR Compliance Verification in Internet of Things
Data privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2020-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9127459/ |
| _version_ | 1797243433706848256 |
|---|---|
| author | Masoud Barati Omer Rana Ioan Petri George Theodorakopoulos |
| author_facet | Masoud Barati Omer Rana Ioan Petri George Theodorakopoulos |
| author_sort | Masoud Barati |
| collection | DOAJ |
| description | Data privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation is carried out on their (personal) data by smart devices or cloud-hosted services. Blockchains provide the benefits of a distributed and immutable ledger recording digital transactions across a global network of peer nodes. Blockchain support for tracking of operations carried out by an IoT-based system provides greater confidence to a user that the IoT device is not infringing user privacy (as the Blockchain can be audited to verify which operation was carried out, by which actor). A formal model (following the privacy-by-design approach) is proposed for supporting GDPR compliance checking for smart devices. The privacy requirements of such applications are related to GDPR obligations of device (and software systems) operators (such as user consent, data protection, right to forget etc). Three smart contracts are proposed as a practical solution to support automated verification of operations carried out by devices on user data, in accordance with GDPR rules. We evaluate the performance and scalability costs of our approach using a Blockchain test network. |
| first_indexed | 2024-04-24T18:55:03Z |
| format | Article |
| id | doaj.art-5a305edca8df43069856c9ab24ee4f08 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-04-24T18:55:03Z |
| publishDate | 2020-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-5a305edca8df43069856c9ab24ee4f082024-03-26T17:42:01ZengIEEEIEEE Access2169-35362020-01-01811969711970910.1109/ACCESS.2020.30055099127459GDPR Compliance Verification in Internet of ThingsMasoud Barati0https://orcid.org/0000-0002-8907-0384Omer Rana1https://orcid.org/0000-0003-3597-2646Ioan Petri2https://orcid.org/0000-0002-1625-8247George Theodorakopoulos3School of Computer Science and Informatics, Cardiff University, Cardiff, U.KSchool of Computer Science and Informatics, Cardiff University, Cardiff, U.KSchool of Engineering, Cardiff University, Cardiff, U.KSchool of Computer Science and Informatics, Cardiff University, Cardiff, U.KData privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation is carried out on their (personal) data by smart devices or cloud-hosted services. Blockchains provide the benefits of a distributed and immutable ledger recording digital transactions across a global network of peer nodes. Blockchain support for tracking of operations carried out by an IoT-based system provides greater confidence to a user that the IoT device is not infringing user privacy (as the Blockchain can be audited to verify which operation was carried out, by which actor). A formal model (following the privacy-by-design approach) is proposed for supporting GDPR compliance checking for smart devices. The privacy requirements of such applications are related to GDPR obligations of device (and software systems) operators (such as user consent, data protection, right to forget etc). Three smart contracts are proposed as a practical solution to support automated verification of operations carried out by devices on user data, in accordance with GDPR rules. We evaluate the performance and scalability costs of our approach using a Blockchain test network.https://ieeexplore.ieee.org/document/9127459/Blockchain-based auditingbusiness processesgeneral data protection regulationInternet of Thingsuser privacy |
| spellingShingle | Masoud Barati Omer Rana Ioan Petri George Theodorakopoulos GDPR Compliance Verification in Internet of Things IEEE Access Blockchain-based auditing business processes general data protection regulation Internet of Things user privacy |
| title | GDPR Compliance Verification in Internet of Things |
| title_full | GDPR Compliance Verification in Internet of Things |
| title_fullStr | GDPR Compliance Verification in Internet of Things |
| title_full_unstemmed | GDPR Compliance Verification in Internet of Things |
| title_short | GDPR Compliance Verification in Internet of Things |
| title_sort | gdpr compliance verification in internet of things |
| topic | Blockchain-based auditing business processes general data protection regulation Internet of Things user privacy |
| url | https://ieeexplore.ieee.org/document/9127459/ |
| work_keys_str_mv | AT masoudbarati gdprcomplianceverificationininternetofthings AT omerrana gdprcomplianceverificationininternetofthings AT ioanpetri gdprcomplianceverificationininternetofthings AT georgetheodorakopoulos gdprcomplianceverificationininternetofthings |