Home > Research > Publications & Outputs > Informed by Design

Electronic data

  • Informed by Design (pre-print)

    Accepted author manuscript, 8.78 MB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License


Text available via DOI:

View graph of relations

Informed by Design

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Publication date14/06/2018
Host publicationProceedings of the Living in the Internet of Things: Cyber Security of the IoT Conference
Number of pages12
ISBN (electronic)9781785618437
<mark>Original language</mark>English


The current (and future) adoption of the IoT has, for some time, stimulated debate about the broader implications for privacy, ethics, trust and security that the IoT. Given the IoT's penchant for generating and utilising various (oftentimes somewhat personal) data, the European Union's (EU) forthcoming General Data Protection Regulations (GDPR) will have a significant impact on how the IoT is regulated. As with the term IoT the interpretation of GDPR is generating its own discourses particularly around how wording within the regulation is turned into implementation. The paper begins by critiquing the term Privacy by Design (PbD), and an alternate form which appears in article 25 of the GDPR Data protection by design and default. We note that these two phrases are in fact part of a broader group which inexhaustively includes: Security by Design, Privacy by Default, Security by Default, Data Protection by Design, Data Protection by Default. Our critique does not concern the sentiments or intentions represented by these phrases, or PbD per se, but highlights ambiguities and potentially misleading interpretations that their invocation promotes. After exploring these potential pitfalls, we go on to discuss design-led research that positions Informed by Design as a more fruitful approach to creating IoT devices and services which can more meaningfully respond to concerns about privacy, ethics, trust and security.