Horizon CDT Research Highlights

Research Highlights

Cybersecurity & Trust in Internet of Things (IoT): Agency and negotiability over personal data in smart devices in the home.

  Farid Vayani (2020 cohort)

Internet of Things is making everything smart through a network of items with sensors connected to the Internet (Minn et al., 2015). Smart devices are those items that connect to other devices or networks using wireless connectivity such as Wi-Fi, 5G (IGI Global, 2021). Smartphones, smart locks and smartwatches are examples of smart devices. According to the UK Data Protection Act (DPA) and the General Data Protection Regulation (GDPR), personal data is any information that relates to an identified or identifiable individual such as name, email, NI number, location data (ICO, n.d.). Both the DPA and GDPR mandate that the design process for new products and services consider data protection and privacy risks within it. We argue that the state-of-the-art for storing personal data in the home and setting user preferences in smart devices requires research.  

Our research will (i) provide design and governance guidelines in a non-legalistic language for the manufacturers and service providers of smart devices to consider in the design process for new products and services. (ii) Consequently through standardisation, they will yield competitive advantage, and reduce their compliance, and data processing burden. (iii) Further, our research will bridge the gap between the manufacturers, service providers, privacy professionals and regulators concerning the data protection and privacy risks leading to privacy issues in smart devices. 

Our eventual goal is to translate the design and governance guidelines to a policy.

Why is it important? Smart device users lack understanding of data privacy (Marwick & Boyd, 2014) and control over how their personal data is shared and processed (Broenink et al., 2010). Our proposed research will (a) enable and empower the users of smart devices to make informed choices about how much and who they share their data with and therefore have control over their personal data. (b) So the users can enjoy the tailored services of smart devices, to improve convenience and not worry about their data privacy. 

We will do this through co-creation of design and governance guidelines. A technical standpoint of our starting position is to assume a solution that brings data processing and storage closer to where it is generated, akin to Databox (McAuley et al., 2016). The guidelines for the solution will cover the architecture, user interface and interactions, so users can model their privacy settings and preferences without difficulty. It will also cover cybersecurity areas such as user authentication and data security.

Broenink, G., Hoepman, J.-H., Hof, C. van ’t, van Kranenburg, R., Smits, D., & Wisman, T. (2010). The Privacy Coach: Supporting customer privacy in the Internet
        of Things. 1–10. http://arxiv.org/abs/1001.4459
ICO. (n.d.). Information Commissioner's Office. 
IGI Global (2021) What is Smart Device 
Marwick, A. E., & Boyd, D. (2014). Networked privacy: How teenagers negotiate context in social media. New Media and Society.
McAuley, D., Brown, T., Glover K., Amar, Y., Mortier, R., Li, Q., Lodge, T., Haddadi, H., Hiwal, Poonam, Price, D., Zhao, R. (2019). Privacy-Aware Data Analytics Platformhttps://github.com/me-box/databox/
Minn, H., Zeng, M., & Bhargava, V. (2015). Towards a definition of the {Internet of Things (IoT)}. IEEE Internet Initiative, 1–86.

This author is supported by the Horizon Centre for Doctoral Training at the University of Nottingham (UKRI Grant No. EP/S023305/1).