Skip to Main content Skip to Navigation
Conference papers

Assessing Privacy Policies of Internet of Things Services

Niklas Paul 1 Welderufael Tesfay 1 Dennis-Kenji Kipker 2 Mattea Stelter 2 Sebastian Pape 1
1 Goethe-University Frankfurt am Main
2 University of Bremen
Abstract : This paper provides an assessment framework for privacy policies of Internet of Things Services which is based on particular GDPR requirements. The objective of the framework is to serve as supportive tool for users to take privacy-related informed decisions. For example when buying a new fitness tracker, users could compare different models in respect to privacy friendliness or more particular aspects of the framework such as if data is given to a third party. The framework consists of 16 parameters with one to four yes-or-no-questions each and allows the users to bring in their own weights for the different parameters. We assessed 110 devices which had 94 different policies. Furthermore, we did a legal assessment for the parameters to deal with the case that there is no statement at all regarding a certain parameter. The results of this comparative study show that most of the examined privacy policies of IoT devices/services are insufficient to address particular GDPR requirements and beyond. We also found a correlation between the length of the policy and the privacy transparency score, respectively.
Keywords : Internet of Things General Data Protection Regulation GDPR ePrivacy Regulation ePR [0000−0001−8283−4751] Welderufael B Tesfay 1[0000−0002−1087−2019] Dennis-Kenji Kipker 2[0000−0003−1454−591X] Mattea Stelter 2[0000−0002−3627−8990] and Sebastian Pape 1()[0000−0002−0893−7856] Keywords: Internet of Things Privacy Policies General Data Protec-tion Regulation
Document type :
Conference papers
Complete list of metadata

Cited literature [32 references]  Display  Hide  Download
https://hal.inria.fr/hal-02023740
Contributor : Hal Ifip <>
Submitted on : Thursday, February 21, 2019 - 4:44:11 PM
Last modification on : Thursday, February 21, 2019 - 4:45:52 PM
Long-term archiving on: : Wednesday, May 22, 2019 - 9:15:20 PM

File

Vignette du document
472722_1_En_12_Chapter.pdf
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Collections

IFIP | IFIP-AICT | IFIP-TC | IFIP-TC11 | IFIP-SEC | IFIP-AICT-529

Citation

Niklas Paul, Welderufael Tesfay, Dennis-Kenji Kipker, Mattea Stelter, Sebastian Pape. Assessing Privacy Policies of Internet of Things Services. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.156-169, ⟨10.1007/978-3-319-99828-2_12⟩. ⟨hal-02023740⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

303

Files downloads

10

 

Contact                    Legal Notice                    Personal Data