Data Provenance to Audit Compliance with Privacy Policy in the Internet of Things

Thomas Pasquier, Jatinder Singh, Julia Powles, David Eyers, Margo Seltzer, Jean Bacon

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical enforcement has been incompletely or incorrectly specified. There is a clear role for technical assistance in aligning privacy policy enforcement mechanisms with data protection regulations. The first step necessary in producing technology to accomplish this alignment is to gather evidence of data flows. We describe our work producing, representing and querying audit data and discuss outstanding challenges.
Original languageEnglish
Pages (from-to)333-344
JournalPersonal and Ubiquitous Computing
Volume22
Issue number2
DOIs
Publication statusPublished - 15 Aug 2017
Externally publishedYes

Fingerprint

Data privacy
Compliance
Internet of things
Privacy policies
Auditing
Enforcement
Audit
Personal data
Data protection
Technical assistance
Data flow
Privacy
Alignment
Side effects

Cite this

Pasquier, Thomas ; Singh, Jatinder ; Powles, Julia ; Eyers, David ; Seltzer, Margo ; Bacon, Jean. / Data Provenance to Audit Compliance with Privacy Policy in the Internet of Things. In: Personal and Ubiquitous Computing. 2017 ; Vol. 22, No. 2. pp. 333-344.
@article{fa6e8803ee1c409ab14d1177b09c08c0,
title = "Data Provenance to Audit Compliance with Privacy Policy in the Internet of Things",
abstract = "Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical enforcement has been incompletely or incorrectly specified. There is a clear role for technical assistance in aligning privacy policy enforcement mechanisms with data protection regulations. The first step necessary in producing technology to accomplish this alignment is to gather evidence of data flows. We describe our work producing, representing and querying audit data and discuss outstanding challenges.",
keywords = "technology, data, privacy, Internet of Things",
author = "Thomas Pasquier and Jatinder Singh and Julia Powles and David Eyers and Margo Seltzer and Jean Bacon",
year = "2017",
month = "8",
day = "15",
doi = "10.1007/s00779-017-1067-4",
language = "English",
volume = "22",
pages = "333--344",
journal = "Personal and Ubiquitous Computing",
issn = "1617-4909",
publisher = "Springer",
number = "2",

}

Data Provenance to Audit Compliance with Privacy Policy in the Internet of Things. / Pasquier, Thomas; Singh, Jatinder; Powles, Julia; Eyers, David; Seltzer, Margo; Bacon, Jean.

In: Personal and Ubiquitous Computing, Vol. 22, No. 2, 15.08.2017, p. 333-344.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Data Provenance to Audit Compliance with Privacy Policy in the Internet of Things

AU - Pasquier, Thomas

AU - Singh, Jatinder

AU - Powles, Julia

AU - Eyers, David

AU - Seltzer, Margo

AU - Bacon, Jean

PY - 2017/8/15

Y1 - 2017/8/15

N2 - Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical enforcement has been incompletely or incorrectly specified. There is a clear role for technical assistance in aligning privacy policy enforcement mechanisms with data protection regulations. The first step necessary in producing technology to accomplish this alignment is to gather evidence of data flows. We describe our work producing, representing and querying audit data and discuss outstanding challenges.

AB - Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical enforcement has been incompletely or incorrectly specified. There is a clear role for technical assistance in aligning privacy policy enforcement mechanisms with data protection regulations. The first step necessary in producing technology to accomplish this alignment is to gather evidence of data flows. We describe our work producing, representing and querying audit data and discuss outstanding challenges.

KW - technology

KW - data

KW - privacy

KW - Internet of Things

U2 - 10.1007/s00779-017-1067-4

DO - 10.1007/s00779-017-1067-4

M3 - Article

VL - 22

SP - 333

EP - 344

JO - Personal and Ubiquitous Computing

JF - Personal and Ubiquitous Computing

SN - 1617-4909

IS - 2

ER -