Abstract

Internet of Things applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and it can be challenging to extract and enact such legal requirements. In this article, we have conducted a systematic analysis of the privacy and data protection laws that are used across different continents, namely (i) General Data Protection Regulations, (ii) the Personal Information Protection and Electronic Documents Act, (iii) the California Consumer Privacy Act, (iv) Australian Privacy Principles, and (v) New Zealand’s Privacy Act 1993. Then, we used the framework analysis method to attain a comprehensive view of different privacy and data protection laws and highlighted the disparities to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, the key principles and individuals’ rights of the CPLF were mapped with Privacy by Design (PbD) schemes (e.g., privacy principles, strategies, guidelines, and patterns) developed previously by different researchers to investigate the gaps in existing schemes. Subsequently, we have demonstrated how to apply and map privacy patterns into IoT architectures at the design stage and have also highlighted the complexity of doing such mapping. Finally, we have identified the major challenges that should be addressed and potential research directions to take the burden off software developers when applying privacy-preserving techniques that comply with privacy and data protection laws.
We have released a companion technical report [3] that comprises all definitions, detailed steps on how we developed the CPLF, and detailed mappings between CPLF and PbD schemes.

Highlights

  • Due to the potential of Internet of Things (IoT) applications to derive sensitive information about individuals [49], developers must exercise due diligence so that users’ privacy is protected in accordance with the regulations of privacy and data protection laws

  • There is an IoT gateway inside the car, which is operated by the car company and is capable of communicating with the sensor via Bluetooth

  • Once the person needs to know his/her car location, he/she can access their mobile application on the mobile device and request the car location through a WiFi or mobile connection

Summary

Introduction

Due to the potential of Internet of Things (IoT) applications to derive sensitive information about individuals [49], developers must exercise due diligence so that users’ privacy is protected in accordance with the regulations of privacy and data protection laws. Building an IoT application is a complex process compared to desktop, mobile, or web applications [14]. This is due to the IoT containing various physical objects or nodes of different computing, sensing, and actuation capabilities, along with being able to communicate with each other and with other systems in order to gather and exchange data [49]. The heterogeneous nature of IoT necessitates that both software and hardware should work together, for example sensors and actuators, across a variety of nodes, including mobile phones and cloud platforms, due to them having varying capabilities depending on different conditions [48]. The complexity of IoT architecture results in a lack of integrated development stacks, with different software engineering specialists collaborating to support end-to-end IoT applications [47].
