**4.1 The 4I framework applied to privacy context**

To illustrate how the proposed 4I framework will work in an IoT-enabled home, a use case involving smart refrigerator is discussed in this section. Currently, when consumers buy an IoT device directly from vendors or service providers, they may have very little understanding when agreeing to the privacy policy (PP) and terms and conditions (T&C) before they start using the product or services or application. However, there are several risks associated with the data collected to render the services.

For example, the smart refrigerator can track our food preferences, search and order food from online stores [31]. Various traits of the fridge owners' eating behaviors can be inferred based on the search queries. If these data are sent to thirdparty business, they can use the information for the purpose of undesirable targeted advertisements. This can lead to the potential breach of privacy violating regulatory laws if explicit consent was not obtained from the consumer (**Figure 5**).

The **Identify** phase of the 4I framework discerns the potential risks associated with the consumer's data shared among the data processors in data supply chain. For example, it reviews the laws such as GDPR to understand the data protection rights of a smart home user [57] and ascertains the risk related to privacy and security breach. Policies related to data retention, service level agreement with vendors and data management are implemented in the **Insulation** phase of the framework. For instance, an agent called checkmyprivacyrules (CPMRs) can be installed at user's home router to ensure privacy policy and laws like GDPR are not violated based on a search query (**Figure 6**).

#### **Figure 5.**

*Business process in smart home refrigerator.*

#### **Figure 6.**

*Smart home 4I (filters, policies, rules, permissions) (adopted from [58]).*


#### **Figure 7.**

*Web configuration to add privacy rule for smart fridge.*

**Figure 7** shows a screen where smart fridge user can setup who can access the data. With the above settings, smart fridge can send data to cloud if

a.Device has latest firmware updates. This can be verified from Firmware update version captured periodically from Vendor Website by the agent installed in the router

b.Intended address to push data in the packet states matches external host IP address

**19**

**5. Conclusion**

**Acknowledgements**

Program Scholarship.

**Conflict of interest**

There is no conflict of interest.

*Privacy of IoT-Enabled Smart Home Systems DOI: http://dx.doi.org/10.5772/intechopen.84338*

address, it will not be accurate.

**Listing 1** shows the Pseudo code of the agent.

d.Reverse Proxy is enabled. This will ensure even if the ISP or business gets IP

Di ⊂ D

network

Di is the set of all smart IoT devices in a "Smart Home" and

Rij is the ruleset j applied to Device Di before it leaves home

Pi is the packet send by Di to the router.

The Inspection phase comprises of performing audit reviews periodically to assure the compliance of the process, systems and data flow. The **Inspect** phase can comprise of automated data quality checks and data access log monitoring. In the I**mprove** phase, continuous improvement is done to ensure the continuous adaptation in response to changing data privacy requirements and landscape. For example, improving the agent to ensure software is not only patched to current version, but also data are secured using tokenization techniques [59] can be an outcome of this final phase of the 4I framework.

IoT's business growth potential is undeniable. Advancement in IoT has opened up new prospects for growth in the diversified areas such as health, energy, transport and smart home. In this chapter, we provided an overview of the IoT technology and reallife examples of usage of this technology. Next, we discussed the privacy problems in IoT from a consumer's perspective. A review of the related work was presented along with research gaps. Next, we proposed and provided an overview of a data governance-driven 4I framework. Finally, we provided the pseudocode and demonstrated the applicability of the 4I framework to address the privacy concerns in a smart home refrigerator context. This involved the policies, rules and configurations using timetested data governance principles. In future, we intend to further test and improve the

4I framework in the overall context of data governance in digital ecosystem.

This research is supported by an Australian Government Research Training

c.Consent is set to "Yes"

*CheckMyPrivacyRules (Di)*

*For each Di in domain D For each rule Rij If substring(Pi)- = Rij. Transmit Data;*

*Send SMS/email to user Stop polling Di Endif Endif*

*Di - > device\_ Rij - > rule j for device Di*

*Begin*

*Else*

**Listing 1.**

*Pseudocode for CPM.*

c.Consent is set to "Yes"

*Internet of Things (IoT) for Automated and Smart Applications*

*Smart home 4I (filters, policies, rules, permissions) (adopted from [58]).*

**Figure 7** shows a screen where smart fridge user can setup who can access the data.

a.Device has latest firmware updates. This can be verified from Firmware update version captured periodically from Vendor Website by the agent installed in

b.Intended address to push data in the packet states matches external host IP address

With the above settings, smart fridge can send data to cloud if

*Web configuration to add privacy rule for smart fridge.*

**18**

**Figure 7.**

**Figure 5.**

**Figure 6.**

*Business process in smart home refrigerator.*

the router

d.Reverse Proxy is enabled. This will ensure even if the ISP or business gets IP address, it will not be accurate.


#### **Listing 1.**

*Pseudocode for CPM.*

The Inspection phase comprises of performing audit reviews periodically to assure the compliance of the process, systems and data flow. The **Inspect** phase can comprise of automated data quality checks and data access log monitoring. In the I**mprove** phase, continuous improvement is done to ensure the continuous adaptation in response to changing data privacy requirements and landscape. For example, improving the agent to ensure software is not only patched to current version, but also data are secured using tokenization techniques [59] can be an outcome of this final phase of the 4I framework.
