Privacy Laws and Privacy by Design Schemes for the Internet of Things

Internet of Things applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence make sure that data are managed according privacy regulations and protection laws. However, doing so can be a difficult challenging task. Recent research has revealed typically face difficulties when complying with regulations. One key reason is that, at times, vague could extract enact such legal requirements. In this article, we conducted systematic analysis laws used across different continents, namely (i) General Data Protection Regulations, (ii) Personal Information Electronic Documents Act, (iii) California Consumer Privacy (iv) Australian Principles, (v) New Zealand’s Act 1993. Then, framework method attain comprehensive view highlighted disparities assist in adhering regions, along creating Combined Law Framework (CPLF). After principles individuals’ rights CPLF were mapped by Design (PbD) schemes (e.g., principles, strategies, guidelines, patterns) developed previously researchers investigate gaps existing schemes. Subsequently, demonstrated how apply map patterns into IoT architectures design stage also complexity mapping. Finally, identified major challenges should addressed directions take burden off software applying privacy-preserving techniques comply We released companion technical report [3] comprises all definitions, detailed steps on CPLF, mappings between PbD