
Research Article
A User-Centric Privacy-Preserving Approach to Control Data Collection, Storage, and Disclosure in Own Smart Home Environments
@INPROCEEDINGS{10.1007/978-3-030-94822-1_11,
  author={Chathurangi Ishara Wickramasinghe and Delphine Reinhardt},
  title={A User-Centric Privacy-Preserving Approach to Control Data Collection, Storage, and Disclosure in Own Smart Home Environments},
  proceedings={Mobile and Ubiquitous Systems: Computing, Networking and Services. 18th EAI International Conference, MobiQuitous 2021, Virtual Event, November 8-11, 2021, Proceedings},
  proceedings_a={MOBIQUITOUS},
  year={2022},
  month={2},
  keywords={Internet of Things IoT Social IoT and privacy Usability Data protection Data collection Smart objects Smart home Smart environments},
  doi={10.1007/978-3-030-94822-1_11}
}
- Chathurangi Ishara Wickramasinghe
- Delphine Reinhardt
Year: 2022
MOBIQUITOUS
Springer
DOI: 10.1007/978-3-030-94822-1_11
Abstract
The smart environments around us collect a vast amount of data and disclose those data to third parties, thus potentially endangering our privacy. Research works and the European General Data Protection Regulation (GDPR) call for more user involvement in the privacy-preserving process. Existing privacy-preserving solutions do not cover the entire data collection and disclosure process while fully putting the users at the center. Therefore, in this paper, we address four main weaknesses of the existing solutions. This led us to derive a user-centric privacy-preserving approach that allows end users to control the entire data collection, storage, and disclosure process in smart home environments. Our approach includes: (1) applying different minimization and aggregation levels to control the data collection, (2) mechanisms helping users to assess the sensitivity level of the collected data types, (3) a model balancing privacy risks with benefits, which allows users to make decisions by considering their attitude towards data collection and sharing, and (4) an approach presenting the privacy risks and advantages arising from sharing collected context data, which allows users to make context-dependent data sharing decisions. Our paper also outlines how the proposed privacy-preserving approach can be implemented in the existing IoT system architecture in the future.