**3. Consumer-centric approach**

*Internet of Things (IoT) for Automated and Smart Applications*

devices [27]. It provides the state the right to hold IoT device makers more accountable for consumer's data security. The IoT Cybersecurity Improvement Act of 2017 [28] requires: (i) that IoT devices are patchable, (ii) that devices do not contain known vulnerabilities, (iii) that devices rely on standard protocols, (iv) that devices do not contain hard-coded passwords and (v) technical aspects of privacy in IoT era. At present, different privacy-enhancing technologies (PETs) exist to protect privacy. Prevention, by means of access restrictions, is an effective way to safeguard customer privacy. In [29], the authors put forward the concept of using an access control list (ACL) and a data classification model to classify data according to its sensitivity and assign a tag value to each category. In [30], the authors presented the idea of using Certification Authority (CA)-based encryption to confirm the authenticity of a sensor. Some authors argue that it adds overheads and hence cannot be used as a viable solution. Instead, they proposed incorporating a chaos-based cryptographic scheme and Message Authentication Codes (MAC) for data transmission. In recent research, authors from the IT service firm Tata Consultancy Services recommended that IoT stakeholders adopt the Preventive Privacy (3P) Framework [31] in order to build trust and confidence among end users.

Privacy by Design (PbD) is another popular approach that enables privacy to be "built in" to the design of information systems and business processes, ensuring that privacy is considered before, and throughout, the development and implementation of all initiatives that involve personal information [32]. Dr. Ann Cavoukian first proposed it in Canada in the 1990s. PbD is one of the highly recommended approaches to address individuals' privacy concerns in IoT [31, 33]. Unfortunately, even though the US Federal Trade Commission (FTC) and the European Commission accepted PbD to be effective [34], not all manufacturers consider PbD when developing IoT devices and applications.

**2.3 People aspects of privacy in IoT era**

According to a survey conducted by Cisco in 2017, "human factors" such as organization, culture and leadership contributed to the success of IoT implementations 75% of the time, which was higher than technical aspects [35]. A number of stakeholders are involved in the IoT digital ecosystem, such as end users, product suppliers, Internet service providers, cloud storage functionalities and retailers. As mentioned earlier, a significant aspect of the value of IoT for consumers lies in aggregating data collected from many source systems, generating new knowledge and making fact-based choices. The utilization of data to add value is best explained by the well-known DIKW hierarchy from Ackoff [36]. DIKW is a four-layer hierarchy comprising data, information, knowledge and wisdom, where each layer adds certain characteristics over and above the previous one. **Table 3** shows DIKW in an IoT context.

| **Hierarchy level** | **Description** |
| --- | --- |
| Data | Most basic level of facts. Collected from things and used for storage and processing. |
| Information | Computing platform adds context to data (who, what, where, when) ingested. |
| Knowledge | This layer answers the question on how data are used. Analytics is applied in computing platform. |
| Wisdom | Evaluated understanding of when and why data are used |


**Table 3.**

*DIKW in an IoT context.*

While IoT organizations are aware of the need to adopt PETs and incorporate PbD, there is little guidance available on how to do so. Although PbD-driven frameworks are available [34], no concrete solutions for establishing auditing mechanisms or control method systems have been developed (**Table 4**).

The lifecycle of an IoT service or product is shown in **Figure 2**.

**Figure 3** summarizes what consumers can do, at a minimum, to safeguard their privacy. This provides the basis for the further development of an IoT privacy tool or framework, which can address the concerns of the consumer [31, 40–45] compiled in **Table 5**.

#### **Table 4.**

*Consumer's perspective of IoT product lifespan.*

**Figure 2.** *IoT product lifecycle.*

**Figure 3.** *Mitigation options for consumers (based on [31, 46, 47]).*

#### **Table 5.**

*Key questions in IoT for consumers.*
