A Need for Privacy-Assistive Technology in Notice and Consent Paradigm in IoT
Chapter
Accepted version
Date
2023Metadata
Show full item recordCollections
- Publikasjoner fra CRIStin - SINTEF AS [5674]
- SINTEF Digital [2416]
Original version
Digital Sovereignty in Cyber Security: New Challenges in Future Vision: First International Workshop, CyberSec4Europe 2022, Venice, Italy, April 17–21, 2022, Revised Selected Papers. 2023, 35-49. 10.1007/978-3-031-36096-1_3Abstract
A privacy notice is a document/notification that is addressed to consumers, describing how their personal information will be handled. While browsing the Internet, installing an app on smartphone, setting up a smart sensor or IoT devices in personal spaces, consumers are often asked to consent to privacy notices. Ideally, the consumer is expected to read and understand the notice and give an informed consent. These notices are often lengthy and complicated, containing legal-technical jargons and ambiguous statements describing commercial use of personal data. Most people reflexively choose “I consent”, unknowingly agreeing to unfair-deceptive practices. Given the ubiquity of IoT and thus ubiquity of (personal) data collection, the reliance on notice and consent is inappropriate. In this article, we present the challenges of the notice and consent paradigm, and explore the idea of privacy-assistive solutions to enhance consumer privacy awareness and control in IoT.