Developing GDPR Compliant User Data Policies for Internet of Things

Abstract

With recent adoption of Internet of Things (IoT) technologies and their use in industry, user data privacy concerns remain a major preoccupation of regulation bodies. The European General Data Protection Regulation (GDPR) enables users to control their data and be informed about any devices involved in collecting and processing this data. The overall objective is to enable individuals to have full rights and control over their data assets and to be able to transfer their data without any unmitigated risk. Blockchains provide the benefits of a distributed ledger that can securely manage digital transactions -- where the centralisation of data is eliminated. Blockchains have recently entered as an enabling technology into the IoT market, and used in a variety of different application areas. Blockchains enable the implementation of a more trusted system capable of processing operations between IoT services and sources of data. In smart buildings, for example, Blockchains support the formation of smart contracts as a means to give transactional capabilities to IoT devices, allowing users to keep data ownership and privacy using an immutable dataset. We describe how Blockchain technology can be used to develop an audit trail of data generated in IoT devices, enabling GDPR rules to be verified on such a trail. We describe how to translate a set of such rules into smart contracts to protect personal data in a transparent and automatic way.