short-paper

Implementing GDPR for mobile and ubiquitous computing

Authors:

Carlos Bermejo Fernandez,

Pan HuiAuthors Info & Claims

HotMobile '22: Proceedings of the 23rd Annual International Workshop on Mobile Computing Systems and Applications

Pages 88 - 94

https://doi.org/10.1145/3508396.3512880

Published: 09 March 2022 Publication History

Abstract

The General Data Protection Regulation (GDPR) presents directives to give data subjects control over their personal data. These directives impose data-collecting and processing organizations to take concrete actions for privacy preservation of users and non-users alike. Significant challenges arise when applying these directives to mobile and ubiquitous computing. Mobile and ubiquitous computing aim for computer use to be as transparent and seamless as possible. Inconspicuous devices continually sense their environment, often without the data subject's knowledge. This context significantly complicates the implementation of core GDPR directives, such as informing the user and collecting consent. In this paper, we challenge the mobile computing research community on how to address such issues in practical implementations that combine the philosophy of mobile and ubiquitous computing with often constraining privacy-regulations.

References

[1]

Privacy Affairs. 2022. GDPR Fines Tracker & Statistics. https://www.privacyaffairs.com/gdpr-fines/. [Online; accessed January-2022].

[2]

Mohammad Al-Rubaie and J Morris Chang. 2019. Privacy-preserving machine learning: Threats and solutions. IEEE Security & Privacy 17, 2 (2019), 49--58.

[3]

Ioannis Andrea, Chrysostomos Chrysostomou, and George Hadjichristofi. 2015. Internet of Things: Security vulnerabilities and challenges. In 2015 IEEE Symposium on Computers and Communication (ISCC). IEEE, 180--187.

Digital Library

[4]

Carlos Bermejo Fernandez, Dimitris Chatzopoulos, Dimitrios Papadopoulos, and Pan Hui. 2021a. This Website Uses Nudging: MTurk Workers' Behaviour on Cookie Consent Notices. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (2021), 1--22.

[5]

Carlos Bermejo Fernandez, Lik Hang Lee, Petteri Nurmi, and Pan Hui. 2021b. PARA: Privacy Management and Control in Emerging IoT Ecosystems using Augmented Reality. In Proceedings of the 2021 International Conference on Multimodal Interaction. 478--486.

Digital Library

[6]

Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot. 2019. Machine Unlearning. arXiv preprint arXiv:1912.03817 (2019).

[7]

Claude Castelluccia, Mathieu Cunche, Daniel Le Métayer, and Victor Morel. 2018. Enhancing transparency and consent in the IoT. In 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 116--119.

[8]

Mathieu Cunche, Daniel Le Métayer, and Victor Morel. 2018. A generic information and consent framework for the IoT. arXiv preprint arXiv:1812.06773 (2018).

[9]

Anupam Das, Martin Degeling, Daniel Smullen, and Norman Sadeh. 2018. Personalized privacy assistants for the internet of things: providing users with notice and choice. IEEE Pervasive Computing 17, 3 (2018), 35--46.

Digital Library

[10]

Eing Kai Timothy Neo Dr. Davide Borelli, Ningxin Xie. 2018. The Internet of Things: Is it just about GDPR? https://www.pwc.co.uk/services/risk/technology-data-analytics/data-protection/insights/the-internet-of-things-is-it-just-about-gdpr.html. [Online; accessed 10-September-2021].

[11]

Cynthia Dwork. 2008. Differential privacy: A survey of results. In International conference on theory and applications of models of computation. Springer, 1--19.

Digital Library

[12]

Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. 2019. Exploring how privacy and security factor into IoT device purchase behavior. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. 1--12.

Digital Library

[13]

Branden Ghena, Joshua Adkins, Longfei Shangguan, Kyle Jamieson, Philip Levis, and Prabal Dutta. 2019. Challenge: Unlicensed LPWANs Are Not Yet the Path to Ubiquitous Connectivity. In The 25th Annual International Conference on Mobile Computing and Networking. 1--12.

Digital Library

[14]

Oded Goldreich and Hugo Krawczyk. 1996. On the composition of zero-knowledge proof systems. SIAM J. Comput. 25, 1 (1996), 169--192.

Digital Library

[15]

Bryce Goodman and Seth Flaxman. 2017. European Union regulations on algorithmic decision-making and a "right to explanation". AI magazine 38, 3 (2017), 50--57.

[16]

Ibbad Hafeez, Aaron Yi Ding, Lauri Suomalainen, Alexey Kirichenko, and Sasu Tarkoma. 2016. Securebox: Toward safer and smarter IoT networks. In Proceedings of the 2016 ACM Workshop on Cloud-Assisted Networking. 55--60.

Digital Library

[17]

Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G Shin, and Karl Aberer. 2018. Polisis: Automated analysis and presentation of privacy policies using deep learning. In 27th {USENIX} security symposium ({USENIX} security 18). 531--548.

[18]

Rakibul Hasan, Yifang Li, Eman Hassan, Kelly Caine, David J Crandall, Roberto Hoyle, and Apu Kapadia. 2019. Can privacy be satisfying? On improving viewer satisfaction for privacy-enhanced photos using aesthetic transforms. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. 1--13.

Digital Library

[19]

Briland Hitaj, Giuseppe Ateniese, and Fernando Perez-Cruz. 2017. Deep models under the GAN: information leakage from collaborative deep learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 603--618.

Digital Library

[20]

Zhiren Huang, Ximan Ling, Pu Wang, Fan Zhang, Yingping Mao, Tao Lin, and Fei-Yue Wang. 2018. Modeling real-time human mobility based on mobile phone and transportation data fusion. Transportation research part C: emerging technologies 96 (2018), 251--269.

[21]

Florian Kammueller. 2018. Formal modeling and analysis of data protection for GDPR compliance of IoT healthcare systems. In 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC). IEEE, 3319--3324.

Digital Library

[22]

Jiawen Kang, Zehui Xiong, Dusit Niyato, Yuze Zou, Yang Zhang, and Mohsen Guizani. 2020. Reliable federated learning for mobile networks. IEEE Wireless Communications (2020).

[23]

Abhishek Kumar, Tristan Braud, Young D Kwon, and Pan Hui. 2020. Aquilis: Using Contextual Integrity for Privacy Protection on Mobile Devices. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 4 (2020), 1--28.

Digital Library

[24]

Abhishek Kumar, Benjamin Finley, Tristan Braud, Sasu Tarkoma, and Pan Hui. 2021. Sketching an AI Marketplace: Tech, Economic, and Regulatory Aspects. IEEE Access 9 (2021), 13761--13774.

[25]

Nicholas D Lane and Pete Warden. 2018. The deep (learning) transformation of mobile and embedded computing. Computer 51, 5 (2018), 12--16.

[26]

Marc Langheinrich. 2001. Privacy by design---principles of privacy-aware ubiquitous systems. In International conference on Ubiquitous Computing. Springer, 273--291.

Digital Library

[27]

Kiron Lebeck, Kimberly Ruth, Tadayoshi Kohno, and Franziska Roesner. 2017. Securing augmented reality output. In 2017 IEEE symposium on security and privacy (SP). IEEE, 320--337.

[28]

Thomas Linden, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. 2020. The privacy policy landscape after the GDPR. Proceedings on Privacy Enhancing Technologies 2020, 1 (2020), 47--64.

[29]

Tom Lodge, Andy Crabtree, and Anthony Brown. 2018. Developing GDPR Compliant Apps for the Edge. In Data Privacy Management, Cryptocurrencies and Blockchain Technology. Springer, 313--328.

[30]

Mateusz Mikusz, Steven Houben, Nigel Davies, Klaus Moessner, and Marc Langheinrich. 2018. Raising awareness of IoT sensor deployments. (2018).

[31]

Victor Morel, Mathieu Cunche, and Daniel Le Métayer. 2019. A generic information and consent framework for the IoT. In 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, 366--373.

[32]

Richard Mortier, Jianxin Zhao, Jon Crowcroft, Liang Wang, Qi Li, Hamed Haddadi, Yousef Amar, Andy Crabtree, James Colley, Tom Lodge, et al. 2016. Personal data management with the databox: What's inside the box?. In Proceedings of the 2016 ACM Workshop on Cloud-Assisted Networking. 49--54.

Digital Library

[33]

Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kévin Huguenin, Mohammad Emtiyaz Khan, and Jean-Pierre Hubaux. 2017. Smarper: Context-aware and automatic runtime-permissions for mobile devices. In Security and Privacy (SP), 2017 IEEE Symposium on. IEEE, 1058--1076.

[34]

Tribhuvanesh Orekondy, Mario Fritz, and Bernt Schiele. 2018. Connecting pixels to privacy and utility: Automatic redaction of private information in images. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 8466--8475.

[35]

European Parliament. 2016. General Data Protection Regulation. https://data.europa.eu/eli/reg/2016/679/2016-05-04. [Online; accessed 2-February-2022].

[36]

IDC Research. 2013. Always Connected --- How Smartphones And Social Keep Us Engaged. Technical Report. https://www.nu.nl/files/IDC-FacebookAlwaysConnected(1).pdf [Online; accessed 24-March-2020].

[37]

Mouna Rhahla, Takoua Abdellatif, Rabah Attia, and Wassel Berrayana. 2019. A GDPR controller for IoT systems: application to e-health. In 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). IEEE, 170--173.

[38]

Subhadeep Sarkar, Jean-Pierre Banatre, Louis Rilling, and Christine Morin. 2018. Towards Enforcement of the EU GDPR: Enabling Data Erasure. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 222--229.

[39]

Stefan Saroiu, Alec Wolman, and Sharad Agarwal. 2015. Policy-carrying data: A privacy abstraction for attaching terms of service to mobile data. In Proceedings of the 16th International Workshop on Mobile Computing Systems and Applications. 129--134.

Digital Library

[40]

Cigdem Sengul. 2017. Privacy, consent and authorization in IoT. In 2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN). IEEE, 319--321.

[41]

Junwoo Seo, Kyoungmin Kim, Mookyu Park, Moosung Park, and Kyungho Lee. 2017. An analysis of economic impact on IoT under GDPR. In 2017 International Conference on Information and Communication Technology Convergence (ICTC). IEEE, 879--881.

[42]

Supreeth Shastri, Melissa Wasserman, and Vijay Chidambaram. 2019. The Seven Sins of Personal-Data Processing Systems under GDPR. In Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing (Renton, WA, USA) (HotCloud'19). USENIX Association, USA, 1.

[43]

Kirill A Shatilov, Dimitris Chatzopoulos, Lik-Hang Lee, and Pan Hui. 2019. Emerging Natural User Interfaces in Mobile Computing: A Bottoms-Up Survey. arXiv preprint arXiv:1911.04794 (2019).

[44]

Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. 1310--1321.

[45]

Jiayu Shu, Rui Zheng, and Pan Hui. 2018. Cardea: context-aware visual privacy protection for photo taking and sharing. In Proceedings of the 9th ACM Multimedia Systems Conference. 304--315.

Digital Library

[46]

Mingcong Song, Kan Zhong, Jiaqi Zhang, Yang Hu, Duo Liu, Weigong Zhang, Jing Wang, and Tao Li. 2018. In-situ ai: Towards autonomous and incremental deep learning for IoT systems. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA). IEEE, 92--103.

[47]

Madiha Tabassum, Jess Kropczynski, Pamela Wisniewski, and Heather Richter Lipford. 2020. Smart home beyond the home: A case for community-based access control. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. 1--12.

Digital Library

[48]

Sandra Wachter. 2018. Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Computer law & security review 34, 3 (2018), 436--449.

[49]

Mark Weiser. 1999. The Computer for the 21st Century. SIGMOBILE Mob. Comput. Commun. Rev. 3, 3 (July 1999), 3--11. 1559-1662

Digital Library

[50]

Jun Zhou, Zhenfu Cao, Xiaolei Dong, and Athanasios V Vasilakos. 2017. Security and privacy for cloud-based IoT: Challenges. IEEE Communications Magazine 55, 1 (2017), 26--33.

Digital Library

Cited By

Olapade MHasanli TOttun AAkintola ALiyanage MFlores H(2024)Pervasive Chatbots: Investigating Chatbot Interventions for Multi-Device ApplicationsProceedings of the 32nd ACM Conference on User Modeling, Adaptation and Personalization10.1145/3627043.3659570(290-300)Online publication date: 22-Jun-2024
https://dl.acm.org/doi/10.1145/3627043.3659570
Malki LKaleva IPatel DWarner MAbu-Salma R(2024)Exploring Privacy Practices of Female mHealth Apps in a Post-Roe WorldProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642521(1-24)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642521
Liu CZhao YBraud T(2024)MobileARLoc: On-device Robust Absolute Localisation for Pervasive Markerless Mobile AR2024 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)10.1109/PerComWorkshops59983.2024.10503320(544-549)Online publication date: 11-Mar-2024
https://doi.org/10.1109/PerComWorkshops59983.2024.10503320
Show More Cited By

Recommendations

The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise
Special Issue on Analytics for Cybersecurity and Privacy, Part 2 and Regular Papers

The General Data Protection Regulation (GDPR) is considered by some to be the most important change in data privacy regulation in 20 years. Effective May 2018, the European Union GDPR privacy law applies to any organization that collects and processes ...
GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform
ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

In this article, we discuss the issues of GDPR's impact on cyber-security software and operations, namely automated information sharing. We illustrate the topic on an example of an intrusion detection alert sharing platform. First, we had to investigate ...
Balancing privacy and serendipity in cyberspace
HotMobile '22: Proceedings of the 23rd Annual International Workshop on Mobile Computing Systems and Applications

Unplanned encounters or casual collisions between colleagues have long been recognized as catalysts for creativity and innovation. The absence of such encounters has been a negative side effect of COVID-enforced remote work. However, there have also ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

HotMobile '22: Proceedings of the 23rd Annual International Workshop on Mobile Computing Systems and Applications

March 2022

137 pages

ISBN:9781450392181

DOI:10.1145/3508396

General Chair:
Robert LiKamWa
Arizona State University
,
Program Chair:
Urs Hengartner
University of Waterloo

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 March 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Research Grants Council of Hong Kong
5GEAR project
FIT project

Conference

HotMobile '22

Sponsor:

SIGMOBILE

HotMobile '22: The 23rd International Workshop on Mobile Computing Systems and Applications

March 9 - 10, 2022

Arizona, Tempe

Acceptance Rates

Overall Acceptance Rate 96 of 345 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
302
Total Downloads

Downloads (Last 12 months)45
Downloads (Last 6 weeks)6

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Olapade MHasanli TOttun AAkintola ALiyanage MFlores H(2024)Pervasive Chatbots: Investigating Chatbot Interventions for Multi-Device ApplicationsProceedings of the 32nd ACM Conference on User Modeling, Adaptation and Personalization10.1145/3627043.3659570(290-300)Online publication date: 22-Jun-2024
https://dl.acm.org/doi/10.1145/3627043.3659570
Malki LKaleva IPatel DWarner MAbu-Salma R(2024)Exploring Privacy Practices of Female mHealth Apps in a Post-Roe WorldProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642521(1-24)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642521
Liu CZhao YBraud T(2024)MobileARLoc: On-device Robust Absolute Localisation for Pervasive Markerless Mobile AR2024 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)10.1109/PerComWorkshops59983.2024.10503320(544-549)Online publication date: 11-Mar-2024
https://doi.org/10.1109/PerComWorkshops59983.2024.10503320
Park CAlhilal ABraud THui P(2024)AnchorLoc: Large-Scale, Real-Time Visual Localisation Through Anchor Extraction and Detection2024 IEEE International Conference on Pervasive Computing and Communications (PerCom)10.1109/PerCom59722.2024.10494441(125-134)Online publication date: 11-Mar-2024
https://doi.org/10.1109/PerCom59722.2024.10494441
Flores H(2024)AI Sensors and DashboardsComputer10.1109/MC.2024.339405657:8(55-64)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1109/MC.2024.3394056
Ottun AAsadi MBoerger MTcholtchev NGonçalves JBorovčanin DSiniarsk BFlores H(2023)One to Rule them All: A Study on Requirement Management Tools for the Development of Modern AI-based Software2023 IEEE International Conference on Big Data (BigData)10.1109/BigData59044.2023.10386926(3556-3565)Online publication date: 15-Dec-2023
https://doi.org/10.1109/BigData59044.2023.10386926
Lee WA JHsu HHsiung P(2022)SPChain: A Smart and Private Blockchain-Enabled Framework for Combining GDPR-Compliant Digital Assets Management With AI ModelsIEEE Access10.1109/ACCESS.2022.322796910(130424-130443)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3227969

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten