Abstract:
Internet of Things (IoT) applications typically collect and analyse personal data that are categorised as sensitive or as a special
category of personal data. These data are subject to a higher degree of protection under data privacy laws. Regardless of
legal requirements to support privacy practices, such as in Privacy by Design (PbD) schemes, these practices are not yet
commonly followed by software developers. The difficulty of developing privacy-preserving applications emphasises the
importance of exploring the problems developers face to embed privacy techniques, suggesting the need for a supporting
tool. An interactive IoT application design tool – PARROT (PrivAcy by design tool foR inteRnet Of Things) – is presented.
This tool helps developers to design privacy-aware IoT applications, taking account of privacy compliance during the design
process and providing real-time feedback on potential privacy violations. A user study with 18 developers was conducted,
comprising a semi-structured interview and a design exercise to understand how developers typically handle privacy within
the design process. Collaboration with a privacy lawyer was used to review designs produced by developers to uncover
privacy limitations that could be addressed by developing a software tool. Based on the findings, a proof-of-concept prototype
of PARROT was implemented and evaluated in two controlled lab studies. The outcome of the study indicates that IoT
applications designed with PARROT addressed privacy concerns better and managed to reduce several of the limitations
identified. From a privacy compliance perspective, PARROT helps developers to address compliance requirements throughout
the design and testing process. This is achieved by incorporating privacy-specific design features into the IoT application
from the beginning rather than retrospectively.
Citation:
Alhirabi, N., Beaumont, S., Llanos, J. T., Meedeniya, D., Rana, O., & Perera, C. (2023). PARROT: Interactive Privacy-Aware Internet of Things Application Design Tool. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 7(1), 1:1-1:37. https://doi.org/10.1145/3580880