Designing Privacy Aware Internet of Things Applications.
Date
2024-03-25
Publisher
Cardiff University
Abstract
The Internet of Things (IoT) integrates physical devices with software, enabling extensive data interactions. This combination, often involving diverse specialists, leads to complexity, with privacy often overlooked. Given the sensitive nature of data in many IoT applications and the strict privacy regulations they face, early privacy consideration is essential. Many researchers advocate techno-regulatory methods like privacy-by-design (PbD) principles. Their complexity and lack of clear guidelines make their application in IoT challenging.

We present a simplified and visual method for IoT developers to embed privacy into their applications. Unlike traditional methodologies that involve complex and time-consuming steps, our method is straightforward and interactive. Our framework approach is intended for the conceptual design phase of the software development life cycle (SDLC) to support early dialogue between lawyers and developers in the context of IoT app design. The key value is following a user (developer)-centric approach to fulfil their needs in addition to meeting privacy requirements.

The thesis contributes in three ways. First, by exploring non-IoT privacy techniques, we discovered the challenges of migrating these strategies to IoT. Second, our subsequent interactions with developers and privacy experts revealed common challenges in privacy design. Accordingly, we proposed PARROT (PrivAcy by design tool foR inteRnet Of Things), a tool engineered to intuitively guide IoT developers. Third, our exploration of less regulated domains illustrated further privacy challenges and underscored the potential of tools like PARROT to amplify awareness of privacy norms in IoT design.

Through multiple case studies and experiments, we validated PARROT’s effectiveness in reducing privacy issues while designing IoT applications. Overall, the experimental results demonstrated in this thesis confirm our hypothesis that PARROT reduces privacy mistakes and increases privacy knowledge among developers during the Internet of Things software design phase by offering an interactive design method to augment the design process and provide real-time feedback.
Keywords
The Internet of Things (IoT), Privacy, Privacy by Design, PbD, privacy-by-design principles, Software tools, Software developers