Browse > Article
http://dx.doi.org/10.13089/JKIISC.2016.26.4.995

Improving Personal Data Protection in IoT Environments  

Lee, Ae Ri (Barun ICT Research Center, Yonsei University)
Son, Soomin (Barun ICT Research Center, Yonsei University)
Kim, Hyun Jin (Korea Credit Information Services)
Kim, Beomsoo (Graduate School of Information, Yonsei University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.26, no.4, 2016 , pp. 995-1012 More about this Journal
Abstract
In Internet of Things (IoT) environments, devices or sensors everywhere can automatically collect data without the individual awareness, further combine and share data using ubiquitous network, and thus the development of IoT raises new challenges in respect of personal data protection and privacy. This study aims to identify main issues related to data protection in the IoT and propose adequate measures. We analyzed the types of personal data controllers and processors in IoT and figured out the issues regarding the processing of personal data and the rights to privacy of data subject. Accordingly, we suggested the institutional ways (e.g., establishment of user-friendly notice and flexible consent system, re-identification risk monitoring system, data protection in cross-border transfer, and user education) to improve the situation of personal data protection in IoT and finally proposed the improvement tasks to carry out first based on the degree of urgency and importance.
Keywords
IoT; Personal Data Protection; Right of Data Subject; Data Controller; Data Processor;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 ITU-T, "The Internet of Things," ITU-T Internet Report, Nov. 2005.
2 J. Gubbi, R. Buyya, S, Marusic, and M. Palaniswami, "Internet of Things (IoT): a vision, architectural elements, and future directions," Future Generation Computer Systems, vol. 29, no.7, pp. 1645-1660, Sep. 2013.   DOI
3 Gartner, "2015 Hype cycle for emerging technologies identifies the computing innovations that organizations should monitor," Hype Cycle Special Report, Aug. 2015.
4 Gartner, "6.4 Billion connected things will be in use in 2016, up 30 percent from 2015," Gartner Symposium/ITxpo 2015 in Barcelona, Nov. 2015.
5 EU Article 29 Data Protection Working Party, "Opinion 8/2014 on the on recent developments on the Internet of Things," EU, Aug. 2014.
6 Advisory Board, "With tracking devices, employers may track workers' health," Advisory Board Briefing, Jan. 2013.
7 Ministry of the Interior, "Korea privacy information protection Act," 2016.
8 EPIC(Electronic Privacy Information Center), "Google class and privacy," EPIC.org, Apr. 2013.
9 ICO(Information Commissioner's Office), "Wearable technology - the future of privacy," ICO, 2014.
10 Min-joong Kim, "A study on the issues related with the contents protection in the future Internet," Chonbuk Law Review, 32, pp. 49-86, May 2011.
11 Boannews, "The IoT has arrived, think personal data protection first," Boannews.com, Nov. 2015. Available: http://www.boannews.com/media/view.asp?idx=48408&kind=2
12 Ministry of the Interior, "Regulations for Korea privacy information protection Act," 2016.
13 National Information Society Agency, "Guidelines for self-assessment of conformity about de-identification on personal data," NIA, Dec. 2014.
14 ICO(Information Commissioner's Office), "Anonymisation: managing data protection risk code of practice," ICO, Nov. 2012.
15 Jae-geun Lee, Sang-ug Kang, and Heung-Youl Youm, "Analysis of personal information protection circumstances based on collecting and storing data in privacy policies," Journal of the Korea Institute of Information Security and Cryptology, 23(4), pp. 768-774, Aug. 2013.
16 Won-jin Sun and Doo-hyun Kim, "Change to hyper-connected society and personal information protection," The Journal of The Korean Institute of Communication Science, 31(4), pp. 53-58, Mar. 2014.
17 Young-jin Shin, "A study on policy to protect personal information for cross-border transfers: focused on suggestion of political tasks and practical issues," Journal of Korean Association for Regional Information Society, 16(4), pp. 71-104, Dec. 2013.
18 Il-hwan Kim, "A study on international standard and content for the trans-border flow of personal information," Studies on American Constitution, 24(1), pp. 125-154, Apr. 2013.
19 NAVER, "NAVER privacy policy (Ver. 8.1)," NAVER Corp., 2016. Available: http://www.naver.com/rules/privacy.html
20 EU Article 29 Data Protection Working Party, "Opinion 02/2013 on apps on smart devices," EU, Feb. 2013.
21 Japanese Government, "Act on the protection of personal information in Japan," Act No. 57, 2003.
22 Ministry of Science, ICT and Future Planning, "IoT comprehensive plan - IoT test site construction," Jul. 2014.
23 OECD, "The OECD privacy framework," OECD.org, Nov. 2013.
24 DIGIECO, "Personal information protection issues and implications of Google glass," DIGIECO Issue & Trend, Aug. 2013.
25 A. Cavoukian, "Privacy by design," Information and Privacy Commissioner of Ontario, Jan. 2011.
26 Boannews, "Big data, information and per sonal data," Boannews.com, Nov. 2014. Available: http://www.boannews.com/ media/view.asp?idx=44121&kind=3
27 Ministry of Science, ICT and Future Planning, "The future of IoT - purpose, strategy and challenge," May. 2014.
28 SISA Financial Company, "Comprehensive measures for recurrence prevention of personal information breach in financial areas," SISA Finance, 30(4), pp. 101-110, Apr. 2014.