Improving IoT device transparency by means of privacy labels
by Alexandr Railean
Date of Examination: 2022-03-28
Date of issue: 2022-05-20
Advisor: Prof. Dr. Delphine Reinhardt
Referee: Prof. Dr. Dr. Simone Fischer-Hübner
Referee: Prof. Dr. Florin Manea
Referee: Prof. Dr. Kerstin Strecker
Referee: Prof. Dr. Carsten Damm
Referee: Prof. Dr. Dieter Hogrefe
Files in this item
Name: thesis-rc5-nosig-nocv-doi.pdf
Size: 6.17Mb
Format: PDF
Description: Thesis, no affidavit and no CV, with a DOI on the title page.
Abstract
The Internet of Things (IoT) is an umbrella term that applies to sensors, actuators and other devices that can interact with each other, or with other systems, over the Internet. This technology has the potential to improve our quality of life, bringing more convenience, increasing the efficiency of existing systems, or creating new opportunities that did not exist in the past. The growth of IoT is catalyzed by advances in manufacturing techniques, which make it possible to pack more computing power into smaller devices, at a lower cost. This, in turn, accelerates the transition of IoT to the mass market. However, this trend has its downsides. As IoT devices grow in number and diversity, large volumes of data can end up under the control of companies that provide such products. The data can potentially be used to infer personal information about users, and hence undermine their privacy. The problem is exacerbated by the improved connectivity of modern systems, which facilitates the quick distribution of data around the world, and complicates attempts to "put it back into Pandora's box" once the data are out. The General Data Protection Regulation (GDPR) introduces countermeasures to address these privacy issues. One of these measures is transparency, which requires that users understand how personal data are handled before they consent to sharing such information. However, the GDPR does not state exactly in what way companies should present this information to users; our research therefore aims to close this gap. This dissertation takes a cross-disciplinary approach while tackling the problem of IoT transparency, and considers its usability, privacy and legal aspects. It proposes a "privacy facts" label for IoT product boxes, and an online interface that augments the label with search, sort and filtering capabilities. Both the label and the interface are the result of a human-centered design approach.
The thesis presents the rationale behind the design choices, the qualitative and quantitative methods we used to validate these designs with the participants of our studies, as well as the results of these evaluations.
Keywords: privacy; transparency; GDPR; IoT; usability; Internet of Things