Abstract
A privacy notice is a document or notification addressed to consumers that describes how their personal information will be handled. While browsing the Internet, installing an app on a smartphone, or setting up a smart sensor or IoT device in a personal space, consumers are often asked to consent to privacy notices. Ideally, the consumer is expected to read and understand the notice and give informed consent. These notices are often lengthy and complicated, containing legal and technical jargon and ambiguous statements describing the commercial use of personal data. Most people reflexively choose “I consent”, unknowingly agreeing to unfair or deceptive practices. Given the ubiquity of IoT, and thus of (personal) data collection, the reliance on notice and consent is inappropriate. In this article, we present the challenges of the notice and consent paradigm and explore the idea of privacy-assistive solutions to enhance consumer privacy awareness and control in IoT.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tokas, S., Erdogan, G. (2023). A Need for Privacy-Assistive Technology in Notice and Consent Paradigm in IoT. In: Skarmeta, A., Canavese, D., Lioy, A., Matheu, S. (eds) Digital Sovereignty in Cyber Security: New Challenges in Future Vision. CyberSec4Europe 2022. Communications in Computer and Information Science, vol 1807. Springer, Cham. https://doi.org/10.1007/978-3-031-36096-1_3
DOI: https://doi.org/10.1007/978-3-031-36096-1_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36095-4
Online ISBN: 978-3-031-36096-1
eBook Packages: Computer Science, Computer Science (R0)