Privacy Laws and Privacy by Design Schemes for the Internet of Things
ACM Computing Surveys (IF 23.8), Pub Date: 2021-05-25, DOI: 10.1145/3450965
Atheer Aljeraisy, Masoud Barati, Omer Rana, Charith Perera

Internet of Things applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and it can be challenging to extract and enact such legal requirements. In this article, we have conducted a systematic analysis of the privacy and data protection laws that are used across different continents, namely (i) General Data Protection Regulations, (ii) the Personal Information Protection and Electronic Documents Act, (iii) the California Consumer Privacy Act, (iv) Australian Privacy Principles, and (v) New Zealand’s Privacy Act 1993. Then, we used the framework analysis method to attain a comprehensive view of different privacy and data protection laws and highlighted the disparities to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, the key principles and individuals’ rights of the CPLF were mapped with Privacy by Design (PbD) schemes (e.g., privacy principles, strategies, guidelines, and patterns) developed previously by different researchers to investigate the gaps in existing schemes. Subsequently, we have demonstrated how to apply and map privacy patterns into IoT architectures at the design stage and have also highlighted the complexity of doing such mapping. Finally, we have identified the major challenges that should be addressed and potential research directions to take the burden off software developers when applying privacy-preserving techniques that comply with privacy and data protection laws.
We have released a companion technical report [3] that comprises all definitions, detailed steps on how we developed the CPLF, and detailed mappings between CPLF and PbD schemes.
Updated: 2021-05-25