A Framework to Support Users’ Privacy Preferences in the Proliferation of IoT

In the proliferation of personal IoT devices, the need for privacy protection becomes an increasing concern. User’s privacy preferences are not being respected in today’s complex IoT scenario, as data sharing among applications becomes a growing phenomenon. The increasing number of applications, IoT devices and list of user’s personal data make the setting of privacy a laborious task for the users. On the other hand, supposedly trusted third parties that access personal data have been recently reported to invade user privacy. Thus, this thesis proposes a privacy framework that computes the risk of users’ sharing preferences, manages user privacy and provides recommendation to ease privacy setting in the advent of IoT. The risk of inferencing unshared user data is computed from the set of shared user data. The framework aims to be GDPR-compliant, which makes third parties declare their access request in accordance with the European Union’s General Data Protection Regulation (GDPR). Semantic Web Technologies are used to model both the user and the third party preferences, which can be represented through the proposed Privacy Preference for the IoT (PPIoT) Ontology. The framework’s personal data manager supports the privacy decision of the user through recommendation of privacy profiles. Using Machine Learning techniques, the identification and recommendation of privacy profiles are done through our crowdsourced dataset, which are collected using current scenarios in the fitness domain. We then examine different personal tracking data and user traits which can potentially drive the recommendation of privacy profiles to the users. Interestingly, our results show several semantic relationships among users’ traits, characteristics and attitudes that are useful in providing privacy recommendations.