Lindley, Joseph Galen and Coulton, Paul and Cooper, Rachel (2018) Informed by Design. In: Proceedings of the Living in the Internet of Things : Cyber Security of the IoT Conference. IEEE. ISBN 9781785618437
informed_by_design.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (9MB)
Abstract
The current (and future) adoption of the IoT has, for some time, stimulated debate about the broader implications for privacy, ethics, trust and security that the IoT. Given the IoT's penchant for generating and utilising various (oftentimes somewhat personal) data, the European Union's (EU) forthcoming General Data Protection Regulations (GDPR) will have a significant impact on how the IoT is regulated. As with the term IoT the interpretation of GDPR is generating its own discourses particularly around how wording within the regulation is turned into implementation. The paper begins by critiquing the term Privacy by Design (PbD), and an alternate form which appears in article 25 of the GDPR Data protection by design and default. We note that these two phrases are in fact part of a broader group which inexhaustively includes: Security by Design, Privacy by Default, Security by Default, Data Protection by Design, Data Protection by Default. Our critique does not concern the sentiments or intentions represented by these phrases, or PbD per se, but highlights ambiguities and potentially misleading interpretations that their invocation promotes. After exploring these potential pitfalls, we go on to discuss design-led research that positions Informed by Design as a more fruitful approach to creating IoT devices and services which can more meaningfully respond to concerns about privacy, ethics, trust and security.