Accepted author manuscript, 8.78 MB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Final published version
Licence: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Informed by Design
AU - Lindley, Joseph Galen
AU - Coulton, Paul
AU - Cooper, Rachel
PY - 2018/6/14
Y1 - 2018/6/14
N2 - The current (and future) adoption of the IoT has, for some time, stimulated debate about the broader implications for privacy, ethics, trust and security that the IoT. Given the IoT's penchant for generating and utilising various (oftentimes somewhat personal) data, the European Union's (EU) forthcoming General Data Protection Regulations (GDPR) will have a significant impact on how the IoT is regulated. As with the term IoT the interpretation of GDPR is generating its own discourses particularly around how wording within the regulation is turned into implementation. The paper begins by critiquing the term Privacy by Design (PbD), and an alternate form which appears in article 25 of the GDPR Data protection by design and default. We note that these two phrases are in fact part of a broader group which inexhaustively includes: Security by Design, Privacy by Default, Security by Default, Data Protection by Design, Data Protection by Default. Our critique does not concern the sentiments or intentions represented by these phrases, or PbD per se, but highlights ambiguities and potentially misleading interpretations that their invocation promotes. After exploring these potential pitfalls, we go on to discuss design-led research that positions Informed by Design as a more fruitful approach to creating IoT devices and services which can more meaningfully respond to concerns about privacy, ethics, trust and security.
AB - The current (and future) adoption of the IoT has, for some time, stimulated debate about the broader implications for privacy, ethics, trust and security that the IoT. Given the IoT's penchant for generating and utilising various (oftentimes somewhat personal) data, the European Union's (EU) forthcoming General Data Protection Regulations (GDPR) will have a significant impact on how the IoT is regulated. As with the term IoT the interpretation of GDPR is generating its own discourses particularly around how wording within the regulation is turned into implementation. The paper begins by critiquing the term Privacy by Design (PbD), and an alternate form which appears in article 25 of the GDPR Data protection by design and default. We note that these two phrases are in fact part of a broader group which inexhaustively includes: Security by Design, Privacy by Default, Security by Default, Data Protection by Design, Data Protection by Default. Our critique does not concern the sentiments or intentions represented by these phrases, or PbD per se, but highlights ambiguities and potentially misleading interpretations that their invocation promotes. After exploring these potential pitfalls, we go on to discuss design-led research that positions Informed by Design as a more fruitful approach to creating IoT devices and services which can more meaningfully respond to concerns about privacy, ethics, trust and security.
KW - Privacy by Design
KW - Data Protection
KW - GDPR
KW - Informed by Design
U2 - 10.1049/cp.2018.0022
DO - 10.1049/cp.2018.0022
M3 - Conference contribution/Paper
BT - Proceedings of the Living in the Internet of Things
PB - IEEE
ER -