09 Sep 2019
Session Block—Standards and Applications 16:00 - 16:20

Smart home environments are currently insecure spaces. They create situational and informational data privacy threats that keep materialising. Data subjects should be aware of those risks and be able to adjust privacy settings. It is therefore important to consider how cybersecurity standards deal with data protection law requirements in the context of smart devices. In our presentation, we would like to focus on the topic of consent in the context of IoT products used by people living with dementia (PwD) inside their own homes. PwD are an example of vulnerable members of society who should be taken into consideration by those designing and deploying smart devices in people's homes.

Dementia is an important public health concern. According to Alzheimer's Research UK, there are currently around 850 000 PwD in the United Kingdom and this number keeps rising. As a consequence, an increasing number of PwD will live within smart homes. Companies and organisations are already targeting PwD with IoT devices that aim to support their daily life routines, provide them with meaningful activities or improve their medical condition. Smart devices not specifically designed for PwD are also often used in their homes every day. In this analysis, we will focus on the latter.

People with various health conditions have been able to live more autonomously as a result of technological advances. This has been the subject of a longstanding line of research in computing entitled ambient assisted living. The use of IoT is just the latest development in this field. While cybersecurity standards provide generic guidance on the design of IoT devices, it remains unclear whether they effectively address data privacy problems. For cybersecurity standards to serve their purpose of facilitating compliance with law, they must both properly translate the relevant principles and rules into a technical language, and also capture the serious risks presented in a particular field. Consenting to data privacy policies of IoT devices in the homes of PwD offers a helpful case study to examine the effectiveness of cybersecurity standards and current legislation.

Smart home devices should be designed in a way that makes them safe and accessible for all groups of people, including people with dementia. In the context of data protection regulations related to consent, do cybersecurity standards support vulnerable groups of people such as PwD and facilitate compliance? For example, do they ensure that information about data privacy processing by IoT devices is adequately provided to PwD? Do current IoT devices satisfy legislative requirements and standards related to consent?

Our presentation will be divided into three parts: first, some background information about IoT devices, the insecurity of smart homes and the needs of PwD will be provided (I). Second, we will describe sources used to identify cybersecurity standards related to consent and discuss the content of those standards (II). Third, such standards will be assessed against particular risks for PwD in an IoT setting through the case study of a smart door lock. Propositions for future standards to make consent mechanisms more effective will also be provided (III).

Horizon Centre for Doctoral Training, University of Nottingham
PhD Candidate

