Victor Morel has recently joined the Sustainable Computing lab. In this blog post, he introduces the project that he has recently successfully finished, i.e. his PhD thesis.
The introduction in 2018 of the General Data Protection Regulation (GDPR) imposes obligations to data controllers on the content of information about personal data collection and processing, and on the means of communication of this information to data subjects. This information is all the more important that it is required for consent, which is one of the legal grounds to process personal data. However, the Internet of Things can pose difficulties to implement lawful information communication and consent management. The tension between the requirements of the GDPR for information and consent and the Internet of Things cannot be easily solved, it is however possible. The goal of his thesis is to provide a solution for information communication and consent management in the Internet of Things from a technological point of view.
A generic framework for information communication and consent management
To do so, he introduced a generic framework for information communication and consent management in the Internet of Things. This framework is composed of a protocol to communicate and negotiate privacy policies, requirements to present information and interact with data subjects, and requirements over the provability of consent.
The feasibility of this generic framework is supported with different options of implementation. The communication of information and consent through privacy policies can be implemented in two different manners: directly and indirectly. Different ways to implement the presentation of information and the provability of consent are then presented. A design space is also provided for systems designers, as a guide for choosing between the direct and the indirect implementations.
Finally, fully functioning prototypes devised to demonstrate the feasibility of the framework’s implementations are presented. The indirect implementation of the framework is illustrated as a collaborative website named Map of Things. The direct implementation combined with the agent presenting information to data subjects is sketched as a mobile application CoIoT.