By 2020, an individual is expected to own an average of 6.58 devices that share and integrate a wealth of personal user data. The management of privacy preferences across these devices is a complex task for which users are ill-equipped, which increases privacy risks. In this paper we propose an approach that exploits Semantic Web (SW) technology to manage the user’s IoT privacy preferences and negotiate the permissions for data sharing with third parties. SW technology comprises a web of data that can be processed by machines through a formal, universally shared representation. In our approach, SW enables a lightweight and interoperable communication between a Personal Data Manager (PDM) and the Third Parties (TPs) that request access to the user’s personal data. The PDM can handle multiple heterogeneous personal IoT devices and manages the negotiation process between the user and the TPs in a way that can relieve users from the burden of specifying their privacy requirement for each TP. The core of the approach is the definition of the Privacy Preference for IoT (PPIoT) Ontology which is based on the Privacy Preference Ontology, the W3C Semantic Sensor Network Ontology, the Fair Information Practices (FIP) principles, and state-of-the-art recommendation techniques for privacy protection in the IoT. This ontology aims to capture the complexity of privacy management in the IoT paradigm in light of the recent General Data Protection Regulation (GDPR) of the European Union. Along with presenting the ontology, in this paper we will provide an example on how to use the PPIoT ontology for the management of privacy preferences in the fitness IoT domain and we will show how the PDM handles the process of negotiation between the user and the TPs. The approach is based on an interactive PPIoT-based Privacy Preference Model (PPM) that meets the requirements of the GDPR to have transparent and simple TP privacy policies. Finally, we will report the results of an evaluation on a mockup fitness app that implements this PPM. The main contributions of this paper are: (i) to propose an ontology for privacy preference in the IoT context, which covers a knowledge gap in existing literature and can be used for IoT privacy management, (ii) to propose an interactive PPIoT-based Privacy Preference Model, which is in accordance with the GDPR objectives.
Semantic-based Privacy Settings Negotiation and Management
Odnan Ref Sanchez;Ilaria Torre;
2020-01-01
Abstract
By 2020, an individual is expected to own an average of 6.58 devices that share and integrate a wealth of personal user data. The management of privacy preferences across these devices is a complex task for which users are ill-equipped, which increases privacy risks. In this paper we propose an approach that exploits Semantic Web (SW) technology to manage the user’s IoT privacy preferences and negotiate the permissions for data sharing with third parties. SW technology comprises a web of data that can be processed by machines through a formal, universally shared representation. In our approach, SW enables a lightweight and interoperable communication between a Personal Data Manager (PDM) and the Third Parties (TPs) that request access to the user’s personal data. The PDM can handle multiple heterogeneous personal IoT devices and manages the negotiation process between the user and the TPs in a way that can relieve users from the burden of specifying their privacy requirement for each TP. The core of the approach is the definition of the Privacy Preference for IoT (PPIoT) Ontology which is based on the Privacy Preference Ontology, the W3C Semantic Sensor Network Ontology, the Fair Information Practices (FIP) principles, and state-of-the-art recommendation techniques for privacy protection in the IoT. This ontology aims to capture the complexity of privacy management in the IoT paradigm in light of the recent General Data Protection Regulation (GDPR) of the European Union. Along with presenting the ontology, in this paper we will provide an example on how to use the PPIoT ontology for the management of privacy preferences in the fitness IoT domain and we will show how the PDM handles the process of negotiation between the user and the TPs. The approach is based on an interactive PPIoT-based Privacy Preference Model (PPM) that meets the requirements of the GDPR to have transparent and simple TP privacy policies. Finally, we will report the results of an evaluation on a mockup fitness app that implements this PPM. The main contributions of this paper are: (i) to propose an ontology for privacy preference in the IoT context, which covers a knowledge gap in existing literature and can be used for IoT privacy management, (ii) to propose an interactive PPIoT-based Privacy Preference Model, which is in accordance with the GDPR objectives.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.