
A Need for Privacy-Assistive Technology in Notice and Consent Paradigm in IoT

  • Conference paper
Digital Sovereignty in Cyber Security: New Challenges in Future Vision (CyberSec4Europe 2022)

Abstract

A privacy notice is a document/notification that is addressed to consumers, describing how their personal information will be handled. While browsing the Internet, installing an app on a smartphone, or setting up smart sensors or IoT devices in personal spaces, consumers are often asked to consent to privacy notices. Ideally, the consumer is expected to read and understand the notice and give informed consent. These notices are often lengthy and complicated, containing legal-technical jargon and ambiguous statements describing commercial use of personal data. Most people reflexively choose “I consent”, unknowingly agreeing to unfair-deceptive practices. Given the ubiquity of IoT and thus the ubiquity of (personal) data collection, the reliance on notice and consent is inappropriate. In this article, we present the challenges of the notice and consent paradigm, and explore the idea of privacy-assistive solutions to enhance consumer privacy awareness and control in IoT.



Corresponding author

Correspondence to Shukun Tokas.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Tokas, S., Erdogan, G. (2023). A Need for Privacy-Assistive Technology in Notice and Consent Paradigm in IoT. In: Skarmeta, A., Canavese, D., Lioy, A., Matheu, S. (eds) Digital Sovereignty in Cyber Security: New Challenges in Future Vision. CyberSec4Europe 2022. Communications in Computer and Information Science, vol 1807. Springer, Cham. https://doi.org/10.1007/978-3-031-36096-1_3


  • DOI: https://doi.org/10.1007/978-3-031-36096-1_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36095-4

  • Online ISBN: 978-3-031-36096-1

  • eBook Packages: Computer Science (R0)
