Skip to main content
SpringerLink
Log in

Privacy Protection in an Internet of Things Environment

  • Chapter
  • First Online:
Designing for Privacy and its Legal Framework

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 40))

  • 1569 Accesses

Abstract

This chapter puts privacy protection into context of an Internet of Things environment and elaborates on three technologies in particular: (1) Radio Frequency Identification (RFID), which is typically used to identify objects and monitor their paths, (2) smart energy architectures, which measure and communicate energy data, and (3) smart wearable devices that are used to track health and fitness data of users. These case studies show the privacy concerns triggered by these technologies and how they are addressed by regulations, standards, and technical mechanisms. The goal of these case studies is to illustrate how regulation and technologies attempt to protect the privacy interests discussed in Chap. 3. In other words, the case studies aim to generate an understanding of how law and technology address privacy issues in various contexts. At a later stage, we will build upon these case studies when discussing the legal protection mechanisms (Chap. 5) and technical protection mechanisms (Chap. 6).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Cf. Greengard, pp. 167 et seqq.; Peppet, p. 89; Thierer, pp. 14 et seqq.; IERC, IoT Report, 2015, pp. 16 et seqq.; PEW IoT Report, 2014; OECD, Digital Outlook, 2015, pp. 239 et seqq.; WP29, Opinion on IoT, 2014, p. 3. Note, NIST uses the term Cyber-Physical Systems sometime interchangeably with IoT, cf. NIST Framework on Cyber-Physical Systems, 2015, p. 1. In addition, the term ubiquitous computing and ambient intelligence are often used to describe such networks. See here Weiser who coined the term ubiquitous computing and Wright et al. on ambient intelligence.

  2. 2.

    OECD, Digital Outlook, 2015, p. 244; cf. also Misra/Maheswaran/Hashmi, pp. 5-6; WP 29, Opinion on IoT, 2014, p. 6 defining the IoT as devices “that can be controlled remotely over the Internet.”

  3. 3.

    Misra/Maheswaran/Hashmi, p. 10.

  4. 4.

    Cf. on applications of IoT Misra/Maheswaran/Hashmi, pp. 11-14.

  5. 5.

    Misra/Maheswaran/Hashmi, p. 10.

  6. 6.

    Cf. Greengard, pp. 1 et seqq.; Peppet, pp. 98 et seqq.; PEW IoT Report, 2014, p. 2; WP 29, Opinion on IoT, 2014, p. 3; OECD, Digital Outlook, 2015, p. 248 and p. 256 in particular.

  7. 7.

    Mattern/Flörkemeier, pp. 110-112.

  8. 8.

    Lehpamer, p. 25; Thierer, p. 9; cf. also OECD, Digital Outlook, 2015, p. 250.

  9. 9.

    Lehpamer, pp. 26-27; cf. also OECD, Digital Outlook, 2015, p. 250; RAND, IoT Report, 2012, pp. 59-61.

  10. 10.

    Short for Global System for Mobile Communications, Universal Mobile Telecommunications System, Long-Term Evolution 4th (or soon 5th) generation of mobile networks.

  11. 11.

    Cf. on the technical background of IoT in particular Chaouchi, pp. 13-20; Greengard, pp. 51 et seqq.; Höller et al., pp. 81 et seqq.; Mattern/Flörkemeier, pp. 108-110; Mattern, IoT, pp. 45 et seqq.; OECD, Digital Outlook, 2015, pp. 247 et seqq.

  12. 12.

    Cf. Misra/Maheswaran/Hashmi, pp. 6 et seqq.

  13. 13.

    Cf. Beckel et al., unpaginated; Kleiminger/Beckel/Santini, pp. 975 et seqq.

  14. 14.

    Cf. Guinard, pp. 4 et seqq.

  15. 15.

    Mattern/Flörkemeier, pp. 109-112; cf. also Chaouchi, p. 25; OECD, Digital Outlook, 2015, pp. 240 et seqq.

  16. 16.

    Greengard, pp. 37 et seqq.

  17. 17.

    Chappell, pp. 585 et seqq.; cf. also IETF, IPv6 standard.

  18. 18.

    Guinard et al., p. 97; Mattern/Flörkemeier, pp. 108-110; Mayer, pp. 7 et seqq.; cf. also Höller et al., pp. 70-72; Mayer/Guinard/Trifa, unpaginated.

  19. 19.

    Cf. Mayer, p. 8; cf. also IERC, IoT Report, 2015, pp. 19 et seqq.

  20. 20.

    Botero/Chaouchi, p. 139; cf. also Lehpamer, pp. 54 et seqq.; Polenz, pp. 12 et. seqq.; OECD, Digital Outlook, 2015, pp. 240 et seqq. Newer technologies supplement RFID’s ability to identify things (e.g., image-based identification of objects).

  21. 21.

    In particular combined with other technologies, such as the widespread availability of smartphones, RFID tags changed the way everyday devices are addressed. Cf. Greengard, pp. 34 et seqq.

  22. 22.

    Goel/Hong, p. 1.

  23. 23.

    Geisler, unpaginated; Wagner, pp. 206-212.

  24. 24.

    Peppet, p. 89, 92; Luxton et al., p. 137; Thierer, pp. 1 et seqq.; PEW Tracking for Health, 2013.

  25. 25.

    Another similar technology is NFC. NFC is a two-way communication protocol and useful for interactions, such as payments or public transport. For example, toll-systems, or transportation passes (e.g., Japan’s Suica card) rely NFC technology. Cf. OECD, Digital Outlook, 2015, p. 249.

  26. 26.

    Botero/Chaouchi, p. 130; Juels/Rivest/Szydlo, p. 103; Kerr, p. 337; Langheinrich, RFID, pp. 340-341; Lee et al., p. 237; Mattern, IoT, p. 55; Polenz, pp. 7 et seqq.

  27. 27.

    Polenz, pp. 48 et seqq.

  28. 28.

    Cf. in particular Kerr, pp. 337-338; Lampe/Flörkemeier/Haller, pp. 70 et seqq.; Leenes/Koops, Code, pp. 183 et seqq.; Polenz, pp. 48 et seqq.

  29. 29.

    Botero/Chaouchi, pp. 139-140; Juels/Rivest/Szydlo, p. 103.

  30. 30.

    Botero/Chaouchi, pp. 139-140.

  31. 31.

    EDÖB, Swiss Pass Opinion, 2016.

  32. 32.

    Cf. Polenz, pp. 86 et seqq.

  33. 33.

    Thiesse, pp. 366-370, describes the public discourse and discovers a repeating pattern between action and reaction (i.e., companies that announce the implementation of RFID tags in their latest products and corresponding reaction of anti-RFID tags organizations), leading often to the removal of the tags by the companies. Cf. also Catuogno/Turchi, p. 207 with further references; Langheinrich, RFID, pp. 329 et seqq.; Leenes/Koops, Code, pp. 186 et seqq.; Polenz, pp. 19 et seqq.

  34. 34.

    The WP 29 published a working document on RFID in 2005. This working document is a first assessment report of the RFID environment. Cf. also Cuijper/Purtova/Kosta, p. 561 with reference to WP 29, Revised Opinion on PIA for RFID, 2011 (prior WP 29, Opinion on PIA for RFID, 2010).

  35. 35.

    WP 29, Working document on RFID, 2005, pp. 9-11.

  36. 36.

    WP 29, Working document on RFID, 2005, pp. 12-13.

  37. 37.

    Cf. WP 29, Opinion on PIA for RFID, 2010; WP 29, Revised Opinion on PIA for RFID, 2011.

  38. 38.

    EC, Recommendation on RFID, 2009.

  39. 39.

    According to the EC this sign should contain information on the “identity of the operator and a point of contact for individuals to obtain the information policy for the application.” Cf. EC, Recommendation on RFID, 2009, p. 50.

  40. 40.

    EC, Recommendation on RFID, 2009, pp. 50-51. Note that the goal of increasing transparency when it comes to the data processing via “chips” is also reflected in national data protection acts of EU member states such as the German Fedreal Data Protection Act (BDSG). The BDSG included in 2011 a provision on “mobile storage and processing media for personal data” (provision § 6c), which had RFID tags in mind when drafted. Cf. Simitis/Scholz, § 6c, marginal No. 5 et seqq.

  41. 41.

    ISO is based in Geneva and their standards are universal. ISO standards are widely supported in Europe (compared to the EPC standards more widely supported in the US), cf. Lehpamer, p. 105.

  42. 42.

    Cf. EPC Global, RFID Gen. 2 standard which defines physical and logical requirements of RFID systems. According to Botero/Chaouchi, p. 136 most RFID manufacturers have implemented this EPC Global standard.

  43. 43.

    For an overview over the common RFID standards published by the ISO cf. Botero/Chaouchi, pp. 134-136, Lampe/Flörkemeier/Haller, pp. 82-84, and Lehpamer, pp. 105 et seqq. Cf. also RAND, IoT Report, 2012, pp. 56 et seqq.

  44. 44.

    Lehpamer, p. 105.

  45. 45.

    Lehpamer, p. 119. Cf. ISO/IEC 18000 standard series which define operations of various RFID technologies for item management using different frequency ranges.

  46. 46.

    WP 29, Working document on RFID, 2005, pp. 15-17.

  47. 47.

    Cf. Juels/Molnar/Wagner, pp. 74 et seqq.; Juels/Rivest/Szydlo, p. 105; Karygiannis/Eydt/Phillips, p. 552; Suzuki/Ohkubo/Kinoshita, p. 635.

  48. 48.

    A similar sledgehammer approach is the carrying of devices that actively transmit radio signals in order to interrupt or disturb the operation of close-by RFID readers. Juels/Rivest/Szydlo, p. 105 who also note that this approach may be illegal, especially if the broadcast power is too high.

  49. 49.

    Gollakota et al., pp. 2 et seqq.

  50. 50.

    Gollakota et al., p. 4.

  51. 51.

    Langheinrich, RFID, pp. 347-348.

  52. 52.

    Karygiannis/Eydt/Phillips, pp. 556-557.

  53. 53.

    Juels/Rivest/Szydlo, p. 104; Langheinrich, RFID, p. 341; cf. also Lehpamer, pp. 290-291.

  54. 54.

    Cf. Juels/Rivest/Szydlo, p. 104; Langheinrich, RFID, pp. 341-343.

  55. 55.

    Langheinrich, RFID, pp. 341-343.

  56. 56.

    Cf. Juels/Rivest/Szydlo, p. 104; Langheinrich, RFID, pp. 342-343.

  57. 57.

    This technical solution was introduced by Weis et al., pp. 206-208; cf. also Juels/Rivest/Szydlo, p. 105.

  58. 58.

    Cf. Langheinrich, RFID, pp. 344-346; Suzuki/Ohkubo/Kinoshita, p. 636; Weis et al., pp. 206-208.

  59. 59.

    Langheinrich, RFID, p. 343.

  60. 60.

    OECD, Digital Outlook, 2015, p. 261; cf. Papakonstantinou/Kloza, p. 42 on the benefits smart grids for utility provider and users.

  61. 61.

    By 2020, the member states must roll out smart meters in roughly 80% of the households. Cf. Directive 2009/72/EC in Annex 1 Para. 2; OECD, Digital Outlook, 2015, p. 261.

  62. 62.

    Papakonstantinou/Kloza, p. 41.

  63. 63.

    Wells, p. 29; Papakonstantinou/Kloza, p. 41 stating that: “[B]y contrast, a traditional meter records the amount of electricity or gas used over a time period and can potentially distinguish between peak and off-peak hours based on a clock.”; cf. also Rahman/Oo, p. 112. Note Directive 2004/22/EC defines utility “supplier of electricity, gas, heat, or water” in Annex I.

  64. 64.

    Wells, p. 29; Rahman/Oo, p. 110.

  65. 65.

    Rahman/Oo, p. 113.

  66. 66.

    Rahman/Oo, p. 110; Wagner, p. 218.

  67. 67.

    Rahman/Oo, p. 110. To a certain extent financial incentives schemes already exists without smart meters (e.g., with lower energy prices over night), however, the hope is to further optimize such schemes; Wagner, p. 218.

  68. 68.

    Cavoukian/Polonetsky/Wolf, pp. 283-284; Fhom/Bayarou, p. 235; Garcia/Jacobs, pp. 228-229; Quinn, pp. 9 et seqq.; cf. also Beckel et al., unpaginated; Kleiminger/Beckel/Santini, pp. 975 et seqq.

  69. 69.

    Garcia/Jacobs, p. 229; cf. also Beckel et al., unpaginated; Kleiminger/Beckel/Santini, pp. 975 et seqq.

  70. 70.

    The Third Energy Package consists of a bundle of Directives that promote an efficient EU gas and electricity market.

  71. 71.

    Since 2006 the EU has set in motion a legal framework to ensure efficient end-use of energy. The Directive 2006/32/EC set energy saving targets and created conditions that promote efficient delivery and end-use of energy. Cf. Art. 1 Directive 2006/32/EC. The Directive 2006/32/EC was repealed by the newer Directive 2012/27/EU, which follows the same overall objectives as its predecessor from 2006, namely the shift to a more “energy-efficient economy” accelerated by “the spread of innovative technological solutions.” Cf. Recital 1 of the Directive 2012/27/EU.

  72. 72.

    Cf. Art. 3(11) Directive 2009/72/EC.

  73. 73.

    Art. 9(2)(e) Directive 2012/27/EU.

  74. 74.

    Art. 9(2)(a) Directive 2012/27/EU; Art. 9 Directive 2012/72/EC lays the basic requirements of metering infrastructure.

  75. 75.

    Art. 9(2)(b) Directive 2012/27/EU.

  76. 76.

    Directive 2004/22/EC, Annex I, Para. 8(2) and 8(3) states that hardware components as well as software that are “critical for metrological characteristics” must be secured. Additionally, measurement data must be protected “against accidental or intentional corruption,” cf. Directive 2004/22/EC, Annex I, Para. 8(4). Annex MI-003 also sets the minimum retention period of 4 months for electricity information measured by an electrical meter, cf. Directive 2004/22/EC, Annex MI-003, Para. 5(3).

  77. 77.

    See Papakonstantinou/Kloza, pp. 53-57 for a commentary of non-binding recommendations and opinions. Cf. also the final report of the CEN/CENELEC/ETSI Joint Working Group on Standards for Smart Grids, 2011 which provides an overview over all existing standards related to smart energy architectures. It takes into account the initiatives of the Smart Grid Task Force.

  78. 78.

    Art. 4 of the EC Recommendation on Smart Metering 2012 states that such an assessment must include a description of “the envisaged processing operations, an assessment of the risks to the rights and freedoms of data subjects, the measures envisaged to address the risks, safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with Directive 95/46/EC.”

  79. 79.

    The first DPIA template by the Smart Grid Task Force was criticized by the WP 29. The WP 29 raised in particular concerns vis-à-vis “lack of clarity on the nature and objectives of the DPIA, certain methodological flaws as well as the lack of sector-specific content.” Cf. Papakonstantinou/Kloza, p. 101; cf. also WP 29, Opinion on DPIA, 2013, pp. 6 et seqq.; Kloza/van Dijk/De Hert, pp. 26-31. This criticism led the Smart Grid Task Force to revisit its template and improve it.

  80. 80.

    Smart Grid Task Force, DPIA Template 2014, pp. 21-22.

  81. 81.

    Smart Grid Task Force, DPIA Template 2014, pp. 21-22; cf. also Kloza/van Dijk/De Hert, pp. 29-31; Papakonstantinou/Kloza, pp. 101-107.

  82. 82.

    Smart Grid Task Force, DPIA Template 2014, p. 23.

  83. 83.

    Smart Grid Task Force, DPIA Template 2014, p. 27.

  84. 84.

    Smart Grid Task Force, DPIA Template 2014, p. 33; cf. also Kloza/van Dijk/De Hert, pp. 29-31; Papakonstantinou/Kloza, pp. 101-107.

  85. 85.

    Smart Grid Task Force, DPIA Template 2014, p. 35; cf. also Kloza/van Dijk/De Hert, pp. 29-31; Papakonstantinou/Kloza, pp. 101-107.

  86. 86.

    Based on the individual user-created ID/password various authorization levels to utilize one or more functions or features of smart meters can be assigned to the user. Cf. IEEE 1686-2013, p. 7; cf. also Chap. 6.

  87. 87.

    IEEE 1686-2013, p. 7.

  88. 88.

    IEEE 1686-2013, p. 8.

  89. 89.

    IEEE 1686-2013, pp. 11-12.

  90. 90.

    Note that typically, data collected via smart meter is transmitted to the utility provider via Internet Protocols, such as TCP/IP or UDP/IP. Cf. Rahman/Oo, p. 117. Another transportation medium are traditional (copper cable) power lines (cf. here Aichele/Doleski, p. 27) or radio frequency. When data is transmitted via radio frequency, smart meters must be equipped with a transceiver to send and receive data. The data is either sent through other meters via a mesh network to an aggregator or sent directly. The former often use unregulated bands (e.g., ZigBee technology), while the latter includes GSM-based technologies. Cf. Wells, p. 29.

  91. 91.

    Goel/Hong, pp. 7-8; cf. also Ali/Azad/Khorshed, pp. 179-180.

  92. 92.

    Ali/Azad/Khorshed, p. 174 et seqq.

  93. 93.

    Cf. Fhom/Bayarou, pp. 237-239 on security measures for smart grids.

  94. 94.

    Goel/Hong, p. 34; cf. also Cavoukian/Polonetsky/Wolf, p. 282.

  95. 95.

    Goel and Hong differentiate between two types of aggregation methods for smart meter data: (1) spatial aggregation, and (2) temporal aggregation. Spatial aggregation means that the smart meter data is aggregated by geographical locations. Here the “sum of meter readings of a larger grid segment is transmitted to the data recipients such as the smart grid control center, instead of the meter readings of single household.” Temporal aggregation aggregates the data of a single meter over a longer period. Such temporal aggregation is useful only when the readings from an individual meter are important, such as for billing purposes. Cf. Goel/Hong, p. 34.

  96. 96.

    Goel/Hong, p. 34.

  97. 97.

    Kursawe/Danezis/Kohlweiss, p. 175.

  98. 98.

    Peppet, p. 98; cf. also Park/Chung/Jayaraman, pp. 8 et seqq. on the attributes of wearables; Luxton et al., pp. 140-141.

  99. 99.

    They can also be embedded directly into smartphones, cf. Thierer, p. 21.

  100. 100.

    Gasser, p. 347; cf. also Greengard, pp. 38-39.

  101. 101.

    Cf. Greengard, pp. 37-40.

  102. 102.

    Peppet, pp. 98 et seqq.

  103. 103.

    E.g., Scanadu Scout, or HAPIfork which measures the pace of eating habits. Cf. Peppet, pp. 100-104.

  104. 104.

    E.g., Fitbit, Jawbone and Nike FuelBand bracelets, or similarly Apple, Samsung, or Microsoft smartwatch series, as well as Basis sport watches. Other wearables are e.g., UVeBand, or W/Me bracelets.

  105. 105.

    E.g., Mimo Baby Monitor shirts. Cf. Peppet, pp. 88 et seqq.

  106. 106.

    E.g., Lifebeam helmet, or Melon or Muse meditation assistant headbands. Cf. Peppet, pp. 88 et seqq.

  107. 107.

    E.g., DuoSkin a smart tattoo <http://duoskin.media.mit.edu/> (last visited November 2016); Abilify MyCite, the first digital pill the Food and Drug Administration in the USA approved, cf. Belluck, NYT, 2017.

  108. 108.

    Cf. Peppet, pp. 88 et seqq. with further references.

  109. 109.

    Cf. Peppet, p. 88 with further references; cf. also Park/Chung/Jayaraman, pp. 11 et seqq.; WP29, Opinion on IoT, 2014, p. 5.

  110. 110.

    Peppet, pp. 99-104; cf. also Thierer, pp. 31 et seqq.

  111. 111.

    WP 29, Opinion on IoT, 2014, p. 5.

  112. 112.

    Haggin, WSJ, 2016.

  113. 113.

    Greengard, pp. 155-159.

  114. 114.

    Cf. on biohacking Thierer, pp. 34 et seqq. with further references.

  115. 115.

    Greengard, p. 158 in particular.

  116. 116.

    Note other rights exists in the healthcare context, e.g., Directive 2011/24/EC. However, the Directive 2011/24/EC applies only when health care professionals (defined in Art. 2 as doctors, nurses, responsible for general care, or similar) are involved. The quantified-self movement does typically not involve such health care professionals.

  117. 117.

    Recital 38 Directive 95/46/EC.

  118. 118.

    WP 29, Opinion on apps on smart devices, 2013, pp. 24-25; cf. also Code of Conduct mHealth, version 2016.

  119. 119.

    WP 29, Opinion on apps on smart devices, 2013, p. 24; cf. also Code of Conduct mHealth, version 2016.

  120. 120.

    WP 29, Opinion on apps on smart devices, 2013, p. 24; cf. also Code of Conduct mHealth, version 2016.

  121. 121.

    WP 29, Opinion on apps on smart devices, 2013, p. 25; cf. also Code of Conduct mHealth, version 2016.

  122. 122.

    WP 29, Opinion on apps on smart devices, 2013, pp. 18-21; cf. also Code of Conduct mHealth, version 2016.

  123. 123.

    Cf. Abstract of ISO 27799: 2008.

  124. 124.

    Cf. Abstract of ISO 27799: 2008.

  125. 125.

    Cf. also Greengard, pp. 38 et seqq.

  126. 126.

    Talos relys on the design of CryptDB (for more, see Chap. 6). CryptDB was designed with Web application in mind and performs all en- and decryption processes at the client-side. It does so, by using “a trusted proxy which intercepts the communication and applies en-/decryption” processes. CryptDB relies on the use of a trusted proxy—which has access to the keys and plaintext—and employs relatively expensive cryptographic schemes. Therefore, CryptDB is not best suitable for Internet of Things applications and devices with relatively low processing powers and memory. As a result, but relying on the design of CryptDB, Shafagh et al. propose Talos, a system for encrypted query processing for Internet of Things devices. Cf. Shafagh et al., p. 198; cf. also Popa et al., pp. 85 et seqq.

  127. 127.

    In Talos, Shafagh et al. further optimize the employed homomorphic encryption schemes in order to overcome the bandwidth, storage, and energy constraints still common in smart devices. Cf. Shafagh et al., pp. 197 et seqq.

  128. 128.

    Jensen/Lu/Yiu, pp. 35 et seqq.

  129. 129.

    Ardagna et al., pp. 315 et seqq.; Jensen/Lu/Yiu, pp. 33 et seqq.; Nissenbaum, Trust, p. 113; Zhang/Huang, pp. 159 et seqq.

  130. 130.

    Jensen/Lu/Yiu, p. 33; cf. also Ardagna et al., pp. 316-317.

  131. 131.

    Jensen/Lu/Yiu, p. 33.

  132. 132.

    Jensen/Lu/Yiu, p. 36; cf. also Pfitzmann et al., p. 38.

  133. 133.

    Jensen/Lu/Yiu, p. 45; cf. also Ardagna et al., pp. 315 et seqq.

  134. 134.

    Jensen/Lu/Yiu, pp. 45-46.

  135. 135.

    Jensen/Lu/Yiu, p. 46; Kato et al., p. 254.

  136. 136.

    Kato et al., pp. 249 et seqq.; cf. also Ardagna et al., pp. 315 et seqq. elaborating on different techniques for location privacy protection.

References

Literature

  • Aichele, C. & Doleski, O. (2013). Einführung in den Smart Meter Rollout. In C. Aichele & O. Doleski (Eds.), Smart Meter Rollout (3-40). Heidelberg: Springer.

    Chapter  Google Scholar 

  • Ali, S., Azad, S. & Khorshed, T. (2013). Securing the Smart Grid: A Machine Learning Approach. In A. Shawkat (Ed.), Smart Grids—Opportunities, Developments, and Trends (pp. 169-198). Berlin: Springer.

    Google Scholar 

  • Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S. & Samarati, P. (2008). Privacy-Enhancing Location Service Information. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 307-326). New York: Auerbach Publications.

    Google Scholar 

  • Beckel, C., Sadamori, L., Santini, S. & Staake, T. (2015). Automated Customer Segmentation Based on Smart Meter Data with Temperature and Daylight Sensitivity. Proceedings of the 6th IEEE International Conference on Smart Grid Communications, Miami, USA, unpaginated.

    Google Scholar 

  • Botero, O. & Chaouchi, H. (2010). RFID Applications and Related Research Issues. In H. Chaouchi (Ed.), The Internet of Things: Connecting Objects to the Web (pp. 129-156). London: ISTE Ltd. / New Jersey: John Wiley & Sons.

    Chapter  Google Scholar 

  • Cavoukian, A., Polonetsky, J. & Wolf, C. (2010). Smart Privacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation. Identity in the Information Society, 3(2), 275-294.

    Article  Google Scholar 

  • Chaouchi, H. (2010). Introduction to the Internet of Things. In H. Chaouchi (Ed.), The Internet of Things—Connecting Objects to the Web (pp. 1-33). London: ISTE Ltd. / Indianapolis: John Wiley & Sons.

    Chapter  Google Scholar 

  • Chappell, L. (2007). Guide to TCP/IP (3rd edition), Boston: Thomson Course Technology.

    Google Scholar 

  • Cuijpers, C., Purtova, N. & Kosta, E. (2014b). Data protection reform and the Internet: the draft Data Protection Regulation. In A. Savin & J. Trzaskowski (Eds.), Research Handbook on EU Internet Law (pp. 543-568). Cheltenham: Edward Elgar.

    Google Scholar 

  • Fhom, H.S. & Bayarou, K. (2011). Towards a Holistic Privacy Engineering Approach for Smart Grid Systems. Proceedings of International Joint Conference of IEEE TrustCom11, 234-241. <https://doi.org/10.1109/TrustCom.2011.32>

  • Garcia, F. & Jacobs, B. (2010). Privacy-friendly energy-metering via homomorphic encryption. Proceedings of the International Workshop on Security and Trust Management, Athens, Greece. Published in Lecture Notes in Computer Science, Vol. 6710, 226-238. <https://doi.org/10.1007/978-3-642-22444-7_15>

  • Gasser, U. (2015). Perspectives on the Future of Digital Privacy. Rechtsfragen im digitalen Zeitalter. Schweizerischer Juristentag 2015, ZSR Band 134 II, 337-448.

    Google Scholar 

  • Geisler, K. (2015). The Relationship Between Smart Grids and Smart Cities [Electronic version]. IEEE Smart Grid Newsletter Compendium, unpaginated. Retrieved from <http://smartgrid.ieee.org/newsletters/may-2013/the-relationship-between-smart-grids-and-smart-cities>

  • Goel, S. & Hong, Y. (2015). Security Challenges in Smart Grid Implementation. In S. Goel, Y. Hong, V. Papakonstantinou & D. Kloza (Eds.), Smart Grid Security (pp. 1-40). Heidelberg: Springer.

    Google Scholar 

  • Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D. & Fu, K. (2011). They can hear your heartbeats: non-invasive security for implantable medical devices. Proceedings of the ACM SIGCOMM, Toronto, Ontario, Canada. Printed in ACM Computer Communication Review Newsletter, 41(4), 2-13. <https://doi.org/10.1145/2018436.2018438>

    Article  Google Scholar 

  • Greengard, S. (2015). The Internet of Things. Cambridge: MIT Press.

    Google Scholar 

  • Guinard, D. (2011). A Web of Things Application Architecture—Integrating the Real-World into the Web. Dissertation, ETH Zurich, No. 19891.

    Google Scholar 

  • Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S. & Boyle, D. (2014). From Machine-to-Machine to the Internet of Things: Introduction to a New Age of Intelligence. Amsterdam: Elsevier.

    Google Scholar 

  • Jensen, C., Lu, H. & Yiu, M.L. (2009). Location Privacy Techniques in Client-Server Architectures. In C. Bettini, S. Jajodia, P. Samarati & X. S. Wang, Privacy in Location-Based Applications, Vol. 5599 of the Series Lecture Notes in Computer Science (pp 31-58). Heidelberg: Springer.

    Chapter  Google Scholar 

  • Juels, A., Rivest, R. & Szydlo, M. (2003). The blocker tag: Selective blocking of RFID tags for consumer privacy. Proceedings of the 10th ACM conference on Computer and communications security, Washington D.C., USA, 103-111. <https://doi.org/10.1145/948109.948126>

  • Juels, A., Molnar, D. & Wagner, D. (2005). Security and privacy issues in e-passports. IEEE Security and Privacy for Emerging Areas in Communication Networks, 74-88. <https://doi.org/10.1109/SECURECOMM.2005.59>

  • Karygiannis, A., Eydt, B. & Phillips, T. (2008). Practical Steps for Securing RFID Systems. In S. Ahson & M. Ilyas (Eds.), RFID Handbook, Applications, Technology, Security, and Privacy (pp. 533-571). London: CRC Press.

    Google Scholar 

  • Kato, R., Iwata, M., Hara, T., Suzuki, A., Xie, X., Arase, Y. & Nishio, S. (2012). A dummy-based anonymization method based on user trajectory with pauses. Proceeding of the 20th International Conference on Advances in Geographic Information Systems, Redondo Beach, California, 249-258. <https://doi.org/10.1145/2424321.2424354>

  • Kerr, I. (2009). The Internet of People? Reflections on the Future Regulation of Human-Implantable Radio Frequency Identification. In I. Kerr, C. Steeves & V. Lucock (Eds.), Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society (pp. 335-357). Oxford: University Press.

    Google Scholar 

  • Kleiminger, W., Beckel, C. & Santini, S. (2015). Household Occupancy Monitoring Using Electricity Meters. Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2015), Osaka, Japan, 975-986. <https://doi.org/10.1145/2750858.2807538>

  • Kloza, D., van Dijk, N. & De Hert, P. (2015). Assessing the European Approach to Privacy and Data Protection in Smart Grids—Lessons for Emerging Technologies. In F. Skopik & P. Smith (Eds.), Smart Grid Security: Innovative Solutions for a Modernized Grid (pp. 11-47). Amsterdam: Elsevier.

    Chapter  Google Scholar 

  • Kursawe, K., Danezis, G. & Kohlweiss, M. (2011). Privacy-Friendly Aggregation for the Smart-Grid. In S. Fischer-Hübner & N. Hopper (Eds.), Privacy Enhancing Technologies (pp. 175-191). Heidelberg: Springer.

    Chapter  Google Scholar 

  • Lampe, M., Flörkemeier, C. & Haller, S. (2005). Einführung in die RFID-Technologie. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 69-86). Heidelberg: Springer.

    Google Scholar 

  • Langheinrich, M. (2005). Die Privatsphäre im Ubiquitous Computing—Datenschutzaspekte der RFID-Technologie. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 329-362). Heidelberg: Springer. (cited: RFID)

    Google Scholar 

  • Lee, Y.K., Batina, L., Singelee, D., Preneel, B. & Verbauwhede, I. (2010). Anti-counterfeiting, Untraceability and Other Security Challenges for RFID Systems—Pubic-Key-Base Protocols and Hardware. In A.R. Sadeghi & D. Naccache (Eds.), Towards Hardware-Intrinsic Security—Foundations and Practice (pp. 237-257). Heidelberg: Springer.

    Chapter  Google Scholar 

  • Leenes, R. & Koops, B.J. (2006). Code and Privacy or How Technology is Slowly Eroding Privacy. In E. Dommering & L. Asscher (Eds.), Coding Regulation—Essays on the Normative Role of Information Technology (pp. 141-203). The Hague: T.M.C. Asser Press. (cited: Code)

    Google Scholar 

  • Lehpamer, H. (2012). RFID Design Principles (2nd edition). Boston: Artech House.

    Google Scholar 

  • Luxton, D., June, J., Sano, A. & Bickmore, T. (2016). Intelligent Mobile, Wearable, and Ambient Technologies for Behavioral Health Care. In D. Luxton (Ed.), Artificial Intelligence in Behavioral and Mental Health Care (pp. 137-162). Amsterdam: Elsevier.

    Chapter  Google Scholar 

  • Mattern, F. & Flörkemeier, C. (2010). Vom Internet der Computer zum Internet der Dinge. Informatik-Spektrum, 33(2), 107-121. (English version: From the Internet of Computers tot he Internet of Things. In K. Sachs, I. Petrov & P. Guerrero (Eds.), From Active Data Management to Event-Based Systems and More (pp. 242-259). Heidelberg: Springer.)

    Google Scholar 

  • Mattern, F. (2005). Die technische Basis für das Internet der Dinge. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 39-66). Heidelberg: Springer. (cited: IoT)

    Google Scholar 

  • Mayer, S. (2014). Interacting with the Web of Things. Dissertation, ETH Zurich, No. 22203.

    Google Scholar 

  • Mayer, S., Guinard, D. & Trifa, V. (2010). Facilitating the Integration and Interaction of Real-World Services for the Web of Things, Urban Internet of Things. Paper presented at Workshop of IoT Conference, Tokyo, Japan, unpaginated. Retrieved from <http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.372.4754>

  • Misra, S., Maheswaran, M. & Hashmi, S. (2017). Security Challenges and Approaches in Internet of Things, Briefs in Electrical and Computer Engineering. Heidelberg: Springer.

    Book  Google Scholar 

  • Nissenbaum, H. (2001). Securing trust online: Wisdom or oxymoron? Boston University Law Review, 81(3), 101-131. (cited: Trust)

    Google Scholar 

  • Papakonstantinou, V. & Kloza, D. (2015). Legal Protection of Personal Data in Smart Grid and Smart Metering Systems from the European Perspective. In S. Goel, Y. Hong, V. Papakonstantinou & D. Kloza (Eds.), Smart Grid Security (pp. 41-129). Heidelberg: Springer.

    Google Scholar 

  • Park, S., Chung, K. & Jayaraman, S. (2014). Wearables: Fundamentals, Advancements, and a Roadmap for the Future. In E. Sazonov & M. Neuman (Eds.), Wearable Sensors, Fundamentals, Implementation and Applications (pp. 1-23). Amsterdam: Elsevier.

    Google Scholar 

  • Peppet, S. (2014). Regulating the Internet of Things: First Steps Towards Managing Discrimination, Privacy, Security & Consent. Texas Law Review, 93, 85-176.

    Google Scholar 

  • Pfitzmann, A., Juschka, A., Stange, A.K., Steinbrecher, S. & Köpsell, S. (2008). Communication Privacy. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 19-46). New York: Auerbach Publications.

    Google Scholar 

  • Polenz, S. (2009). RFID-Techniken und Datenschutzrecht—Perspektiven der Regulierung. Dissertation, Technische Universität Chemnitz.

    Google Scholar 

  • Popa, R.A., Redfield, C., Zeldovich, N. & Balakrishnan, H. (2011). CryptDB: protecting confidentiality with encrypted query processing. Proceedings of the 23rd ACM Symposium on Operating Systems Principles, Cascais, Portugal, 85-100. <https://doi.org/10.1145/2043556.2043566>

  • Quinn, E.L. (2009). Privacy and the new energy infrastructure [Electronic version]. A report for the University of Colorado Public Utilities Commission. Retrieved from <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1370731>

  • Rahman, M. & Oo, A. (2013). Smart Meter. In A. Shawkat (Ed.), Smart Grids—Opportunities, Developments, and Trends (pp. 109-133). Berlin: Springer.

    Google Scholar 

  • Shafagh, H., Hithnawi, A., Dröscher, A., Duquennoy, S. & Hu, W. (2015). Talos: Encrypted Query Processing for the Internet of Things. Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems, Seoul, South Korea, 197-210. <https://doi.org/10.1145/2809695.2809723>

  • Simitis, S. (2014). Bundesdatenschutzgesetz Kommentar (8. Auflage). Baden-Baden: Nomos. (cited: Author, article, marginal No.)

    Google Scholar 

  • Suzuki, K., Ohkubo, M. & Kinoshita, S. (2008). Cryptographic Approaches to RFID Security and Privacy. In: S. Ahson & M. Ilyas (Eds.), RFID Handbook, Applications, Technology, Security, and Privacy (pp. 631-641). London: CRC Press.

    Google Scholar 

  • Thierer, A. (2015). The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation. Richmond Journal of Law & Technology, 21(6), 1-118.

    Google Scholar 

  • Thiesse, F. (2005). Die Wahrnehmung von RFID als Risiko für die informationelle Selbstbestimmung. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 363-378). Heidelberg: Springer.

    Google Scholar 

  • Wagner, F. (2012). Datenschutz in Connected Homes. In F. Peters, H. Kersten & K.D. Wolfenstetter (Eds.), Innovativer Datenschutz (pp. 205-242). Berlin: Duncker & Humbolt.

    Google Scholar 

  • Weis, S., Sarma, S., Rivest, R. & Engels, D. (2004). Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In D. Hutter, G. Müller, W. Stephan & M. Ullmann (Eds.), Security in Pervasive Computing (pp. 201-212). (Revised selected papers from the First International Conference, Boppard, Germany). Heidelberg: Springer.

    Chapter  Google Scholar 

  • Weiser, M. (1991). The Computer for the 21st Century. Scientific American, 265(3), 94-104.

    Article  Google Scholar 

  • Wells, Q. (2013). Smart Grid Home (international edition). New York: Cengage Learning.

    Google Scholar 

  • Wright, D., Gutwirth, S., Friedewald, M., Vildjiounaite, E. & Punie, Y. (2008), Safeguards in a World of Ambient Intelligence. Heidelberg: Springer.

    Google Scholar 

  • Zhang, C. & Huang, Y. (2009). Cloaking locations for anonymous location based services: a hybrid approach. GeoInformatica, 13(2), 159-182.

    Article  Google Scholar 

News(paper) Articles and Blogs

Download references

Author information

Authors and Affiliations

  1. Faculty of Law, University of Zurich, Zurich, Switzerland

    Aurelia Tamò-Larrieux

Authors
  1. Aurelia Tamò-Larrieux
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Tamò-Larrieux, A. (2018). Privacy Protection in an Internet of Things Environment. In: Designing for Privacy and its Legal Framework. Law, Governance and Technology Series(), vol 40. Springer, Cham. https://doi.org/10.1007/978-3-319-98624-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98624-1_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98623-4

  • Online ISBN: 978-3-319-98624-1

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation