Towards Privacy-Friendly Smart Products

Item Type Forthcoming
Abstract Smart products, such as toy robots, must comply with multiple legal requirements of the country in which they are sold and used. Currently, compliance with the legal environment requires manually customizing products for different markets. In this paper, we explore a design approach for smart products that enforces compliance with aspects of the European Union’s data protection principles within a product’s firmware through a case study on a toy robot. This endeavour has taken us through an exchange between computer scientists and legal scholars to determine the relevant data flows, their processing needs, and the implementation decisions that would allow a device to operate while complying with EU data protection law. By designing a data-minimizing toy robot, we show how the variety, amount, and quality of data that is exposed, processed, and stored outside of a user’s premises can be considerably reduced while preserving the device’s functionality. In comparison with a robot designed using a traditional approach, where 90% of the collected types of information are stored with the data controller or a remote service, our proposed design leads to the mandatory exposure of only seven out of 15 collected types of information, all of which are legally required by the data controller to demonstrate consent.
Authors Garcia, Kimberly; Zihlmann, Zaira; Mayer, Simon & Tamo-Larrieux, Aurelia
Language English
Subjects computer science
HSG Classification contribution to scientific community
Refereed No
Date 30 March 2021
Depositing User Dr. Kimberly Garcia
Date Deposited 30 Mar 2021 08:10
Last Modified 28 Mar 2023 00:26


TechPaperToyRobot_Alexandria.pdf - Submitted Version



Garcia, Kimberly; Zihlmann, Zaira; Mayer, Simon & Tamo-Larrieux, Aurelia (2021) Towards Privacy-Friendly Smart Products.
