Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

GDPR compliance verification in Internet of Things

Barati, Masoud, Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646, Petri, Ioan ORCID: https://orcid.org/0000-0002-1625-8247 and Theodorakopoulos, George ORCID: https://orcid.org/0000-0003-2701-7809 2020. GDPR compliance verification in Internet of Things. IEEE Access 8 , pp. 119697-119709. 10.1109/ACCESS.2020.3005509

[thumbnail of 09127459.pdf] PDF - Published Version
Available under License Creative Commons Attribution.

Download (2MB)
License URL: http://creativecommons.org/licenses/by/4.0
License Start date: 29 June 2020

Abstract

Data privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation is carried out on their (personal) data by smart devices or cloud-hosted services. Blockchains provide the benefits of a distributed and immutable ledger recording digital transactions across a global network of peer nodes. Blockchain support for tracking of operations carried out by an IoT-based system provides greater confidence to a user that the IoT device is not infringing user privacy (as the Blockchain can be audited to verify which operation was carried out, by which actor). A formal model (following the privacy-by-design approach) is proposed for supporting GDPR compliance checking for smart devices. The privacy requirements of such applications are related to GDPR obligations of device (and software systems) operators (such as user consent, data protection, right to forget etc). Three smart contracts are proposed as a practical solution to support automated verification of operations carried out by devices on user data, in accordance with GDPR rules. We evaluate the performance and scalability costs of our approach using a Blockchain test network.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Engineering
Computer Science & Informatics
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
ISSN: 2169-3536
Funders: EPSRC
Date of First Compliant Deposit: 2 July 2020
Date of Acceptance: 24 June 2020
Last Modified: 09 Jul 2023 16:24
URI: https://orca.cardiff.ac.uk/id/eprint/132909

Citation Data

Cited 10 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item

Downloads

Downloads per month over past year

View more statistics