TY  - CONF
A1  - Paul, Niklas
A1  - Tesfay, Welderufael Berhane
A1  - Kipker, Dennis-Kenji
A1  - Stelter, Mattea
A1  - Pape, Sebastian
T1  - Assessing privacy policies of internet of things services
T2  - 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland
N2  - This paper provides an assessment framework for privacy policies of Internet of Things Services which is based on particular GDPR requirements. The objective of the framework is to serve as supportive tool for users to take privacy-related informed decisions. For example when buying a new fitness tracker, users could compare different models in respect to privacy friendliness or more particular aspects of the framework such as if data is given to a third party. The framework consists of 16 parameters with one to four yes-or-no-questions each and allows the users to bring in their own weights for the different parameters. We assessed 110 devices which had 94 different policies. Furthermore, we did a legal assessment for the parameters to deal with the case that there is no statement at all regarding a certain parameter. The results of this comparative study show that most of the examined privacy policies of IoT devices/services are insufficient to address particular GDPR requirements and beyond. We also found a correlation between the length of the policy and the privacy transparency score, respectively.
KW  - Internet of Things
KW  - Privacy Policies
KW  - General Data Protection Regulation
KW  - GDPR
KW  - ePrivacy Regulation
KW  - ePR
Y1  - 2019
UR  - http://publikationen.ub.uni-frankfurt.de/frontdoor/index/index/docId/58309
UR  - https://nbn-resolving.org/urn:nbn:de:hebis:30:3-583090
UR  - https://hal.inria.fr/hal-02023740
SN  - 978-3-319-99828-2
N1  - Distributed under a Creative Commons Attribution 4.0 International License http://creativecommons.org/licenses/by/4.0/
SP  - 156
EP  - 169
ER  -