Abstract

Data privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation is carried out on their (personal) data by smart devices or cloud-hosted services. Blockchains provide the benefits of a distributed and immutable ledger recording digital transactions across a global network of peer nodes. Blockchain support for tracking of operations carried out by an IoT-based system provides greater confidence to a user that the IoT device is not infringing user privacy (as the Blockchain can be audited to verify which operation was carried out, by which actor). A formal model (following the privacy-by-design approach) is proposed for supporting GDPR compliance checking for smart devices. The privacy requirements of such applications are related to GDPR obligations of device (and software systems) operators (such as user consent, data protection, right to forget, etc.). Three smart contracts are proposed as a practical solution to support automated verification of operations carried out by devices on user data, in accordance with GDPR rules. We evaluate the performance and scalability costs of our approach using a Blockchain test network.

Highlights

  • The rapid growth in the usage of Internet of Things (IoT) devices has led to the emergence of various IoT-based applications in domains such as energy consumption and utility monitoring, smart buildings, transportation, healthcare and assisted living environments [1]

  • Some IoT customers may set their wearable devices in broadcast mode and when they are within discoverable range, any other smart object can access their personal data by sending unsafe requests

  • Security operations are primarily application layer services that are used in the proposed model – the key focus is on data privacy and relationship to the General Data Protection Regulation (GDPR) legislation

Summary

INTRODUCTION

The rapid growth in the usage of Internet of Things (IoT) devices has led to the emergence of various IoT-based applications in domains such as energy consumption and utility monitoring, smart buildings, transportation, healthcare and assisted living environments [1]. We acknowledge that a more general consideration of GDPR compliance checking is a challenge – and outside the scope of this work. Both Blockchain and smart contracts have been deployed in IoT devices to enhance transparency, trust and data privacy analysis as reviewed in [13]–[15]. Specification of business processes to support data analysis from IoT devices (in the context of the proposed scenario), and a formal description of the associated privacy policies. Security operations (e.g. user authentication, encryption, etc.) are primarily application layer services that are used in the proposed model – the key focus is on data privacy and relationship to the GDPR legislation (references to particular articles in the legislation are provided to cross reference the mentioned electronically supported obligations reported in this work).

LITERATURE REVIEW
A GDPR COMPLIANT PROCESS COLLECTION MODEL
GDPR COMPLIANCE VERIFICATION VIA SMART CONTRACTS
EXPERIMENTAL RESULTS
CONCLUSION