IoTSec:Privacy Label explanation


Jump to: navigation, search
Security in IoT for Smart Grids
Home Research Security Centre Publications Student corner About


During the IoTSec Workshop in Nov2017 with privacy and security experts we established both process details for considering privacy, influence of data types and parameters, grading of privacy (A-F), and identified open issues. The topics addressed hear are seen as work in progress.

Four areas regarding the process of data related to privacy

  1. which data are collected
  2. sharing to my phone, my cloud, public cloud,...
  3. data communication integrity and storage
  4. further distribution of data, ownership of data, further processing

In addition come the "right to be forgotten", correction and deleting of "wrong" data

Influence on data types

  • freshness of data
  • consent,
  • level of control,
  • notion of data sensitivity
  • transparency

Influence parameters

  • data
  • control functionality
  • security techniques
  • accountability
  • access to data

Open issues

  • access control (authentication) - transparency of authentication level
  • maintenance and update

Level A++

  • no data are shared

Level A+

Level A - Very high

  • restricted use of data to purpose only (particular service)
  • supplier should bear the risk of incidents, e.g. they rather than I get penalised when things go wrong - equivalent to finansavtaleloven
  • if device is stolen - nobody else

Level B

  • specify the data to be collected, re-use for statistical data only, ensured integrity
  • customizable access control, eg.. add stronger authentication or consent requirements
  • must be able to trade off the various security requirements, e.g. confidentiality agains availability - i.e. I want flexibility
  • compliance with other standards - and this be listed (information requirement) - clipper compatible
  • anonymity of my interaction with the supplier
  • customer can control with how the information is transferred and used by a third party

Level C

  • data are collected without control (GPS+activity+heart rate), re-use only for statistical, encrypted storage
  • must be possible to withdraw consent - and that this results in all relevant information being deleted - and proof of deletion

Level D

  • data are collected, transparency of re-use
  • Data is not sold without consent/knowledge
  • transparency - I get told about the criteria that the supplier has used in their information classification
  • Information is only used for its legitimate purpose

Level E

  • collected data, no transparency of re-use
  • in compliance with GDPR
  • if data is stolen, I will get told
  • notification if DSO is hacked

Level F - Failure

  • no privacy, no control of data, everyone can see
  • nothing , no expectations

Other aspects

Ongoing discussion that A-F might be too many levels to be considered, and that one should focus on only three levels (A-C), where C is compliance with GDPR.