2015 IEEE 2nd World Forum on Internet of Things (WF-IoT) (2015)
Dec. 14, 2015 to Dec. 16, 2015
Ricardo Neisse , European Commission, Joint Research Centre, Ispra, Italy
Gianmarco Baldini , European Commission, Joint Research Centre, Ispra, Italy
Gary Steri , European Commission, Joint Research Centre, Ispra, Italy
Yutaka Miyake , [KDDI R&D Laboratories Inc., Japan
Shinsaku Kiyomoto , [KDDI R&D Laboratories Inc., Japan
Abdur Rahim Biswas , CREATE-NET Research Centre, Trento, Italy
The Informed Consent of a data subject (e.g., citizen) is often necessary to allow the legitimate processing of personal data by a third party application. The current implementation of Informed Consent based on End User License Agreements (EULA) has many limitations, which are likely to become more critical in future IoT applications, where the collection of personal data can happen in various ways and is not evident to the user. There is the need to define more sophisticated models of Informed Consent for IoT, which address the specific features of IoT, improve on the EULA approach, and protect the flow of personal data from the IoT sensors. In this paper, we propose an agent-based design for Informed Consent in IoT, where access to personal data is regulated through usage control policies, which can be tailored for the specific features of the user and the context. Policies are associated to users, service providers, and smart spaces containing IoT devices in a privacy-friendly way using pseudonyms. The main design concepts are described and applied to a smart city scenario, to evaluate the feasibility of the framework and the related deployment aspects.
Internet of Things, privacy
R. Neisse, G. Baldini, G. Steri, Y. Miyake, S. Kiyomoto and A. R. Biswas, "An agent-based framework for Informed Consent in the internet of things," 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT)(WF-IOT), Milan, Italy, 2015, pp. 789-794.