TPRC45 has ended
Friday, September 8 • 4:43pm - 5:15pm
Information Policy Dimension of Emerging Technologies

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
During the past decades Information and Communication Technology (ICT) has changed patterns in which humans interact and use machines. In more recent years ICT has enabled connecting more and more devices, even very small ones, to the Internet and to the Cloud, commonly referred to as Internet-of-Things (IoT) [2, 3]. According to Gartner Inc. [4] there will be nearly 20.8 billion devices or sensors connected as IoT by 2020. These devices, along with smartphones, tablets, and computers, will generate twice as much data today as they did two years ago, and the trend is expected to continue. Hence, the world does see the cusp of a Big Data evolution. On one hand, Big Data analytics will continue to discover hidden patterns, predictions, and correlations in large datasets, which will in turn influence human activities and decisions in a plethora of fields, such as infrastructure and energy management, transportation systems, medical research, and home automation. But on the other hand, it raises visible concerns in terms of privacy, data security, and consumer protection in general. Some of the specific challenges in this context include (a) storage, processing, and deletion of the data itself, (b) personal information and identity protection of the individual, and (c) the inclusion and impact of initially unknown or unintended meta data due to data analysis. Concepts, technologies, security schemes and applications of trust are essential for IoT, especially for offered services, and have been addressed during the past years [5]. Any security, privacy and trust solutions developed in the research community can be categorized as follows, with each having different consequences for the users: (1) Either high security, trust and privacy are supported by the architecture and network structure of the solution. Resulting IoT services are user-unfriendly and have technical drawbacks (in terms of performance, energy and memory consumption, computational capacity) for the IoT devices (e.g., smartphones, smart-watches) and users. (2) Or desired security, trust and privacy levels are only supported to a limited extent or not realized at all and, thus, it contradicts the user’s request for controlling information disclosure in a secure and trustworthy manner.

The European Union has published the General Data Protection Regulation (EU-DSGVO) [1] in 2016 (with its implementation due in May 2018) and the Federal Trade Commission (FTC) of the United States of America released a report in 2015 that impacts the way device manufacturers, application developers, and other entities involved in IoT design, devise, and use the data generated from IoT-based devices, systems, and applications. EU-DSGVO will be applicable, if the data controller or processor (organization) or the data subject (person) is based in the EU. EU-DSGVO, however, already conflicts with other non-European laws and regulations (e.g., EU-US Privacy Shield) and practices (e.g., surveillance by governments). Organizations in such countries can no longer be considered acceptable for processing EU personal data. 

Therefore, the main contribution of this paper is to show how today IoT and Big Data are influenced by security, privacy, and trust aspects from the national, regional, and international legal and regulatory perspective. The scope of studying the major subset of these laws, acts, and policies is restricted to Switzerland (CH), the European Union (EU), and the United States of America (USA). Finally, by taking a detailed look into possible next steps, a set of recommendations is provided for organizations planning to invest in the development of IoT and Big Data analytics from the technical and information policy perspective.

[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L 119, Apr. 27, 2016, http://eur- lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=DE, last access March 30, 2017.
[2] European Parliament: The Internet of Things – Opportunities and Challenges, May 2015, http://www.europarl.europa.eu/RegData/etudes/BRIE/2015/557012/EPRS_BRI(2015)557012_EN.pdf.
[3] ITU-T Recommendation Y.2060: Overview of the Internet of Things, June 2012, http://www.itu.int/itu-t/recommendations/rec.aspx?rec=Y.2060.
[4] R. von der Maulen: Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015, Gartner Inc., http://www.gartner.com/newsroom/ id/3165317, November 10, 2015.
[5] O. Vermesan, P. Friess: Internet-of-Things: Converging Technologies for Smart Environments and Integrated Ecosystems. River Publishers, Aalborg, Denmark, 2013.


Radhika Garg

Syracuse University


Friday September 8, 2017 4:43pm - 5:15pm
ASLS Hazel - Room 120

Attendees (17)