We are an international team of researchers with a multidisciplinary background in computer science, law, and cognitive sciences. Our goal is to set new standards in research, education, and practice to address ethical issues in computing. We believe, people's privacy should be protected EVERYWHERE!
The project will benefit different actors: the aim is to support 1) lay-users (data subjects) by empowering them with a user-centric, privacy-friendly, enforceable, and light-weight mechanism to manage consent on the Internet of Things (IoT) systems and ecosystems; as well as 2) data controllers by providing facilitating means to manage and demonstrate valid consent through a standard mechanism.
We address multiple issues related to consent management in the IoT, such as: • the difficulty to retrieve the information about personal data collection required for valid consent in ubiquitous environments, due to the lack of appropriate user interface • the heterogeneity of IoT devices, which makes the development of consent management tools hard to achieve (both the retrieval and the withdrawal of consent) • the limited computational capacities of IoT devices
Due to the issues mentioned above, web-based mechanisms, e.g. ADPC (developed by us), cannot be directly applied to IoT. We will propose a standard consent mechanism to request, retrieve, prove and store consents in the IoT. This standard goes hand in hand with functional software on both data subjects and data controllers side (e.g., respectively, a mobile application and a lightweight snippet).