On the Principle of Accountability: Challenges for Smart Homes & Cybersecurity
Crabtree, A. Mortier, R. Haddadi, H. Privacy by Design for the Internet of Things: Building Accountability and Security. IET Press Forthcoming
26 Pages Posted: 13 Jul 2020
Date Written: June 17, 2020
Abstract
This chapter introduces the ‘Accountability Principle’ and its role in data protection (DP) governance. We focus on what accountability means in the context of cybersecurity management in smart homes, considering the EU General Data Protection Law (GDPR) requirements to secure personal data. This discussion sits against the backdrop of two key new developments in data protection law. Firstly, the law is moving into the home, due to narrowing of the so called ‘household exemption’. Concurrently, household occupants may now have legal responsibilities to comply with the GDPR, as they find themselves jointly responsible for compliance, as they are possibly held to determine the means and purposes of data collection with IoT device vendors. As a complex socio-technical space, we consider the interactions between accountability requirements and the competencies of this new class of ‘domestic data controllers’ (DDC). Specifically, we consider the value and limitations of edge-based security analytics to manage smart home cybersecurity risks, reviewing a range of prototypes and studies of their use. We also reflect on interpersonal power dynamics in the domestic setting e.g. device control; existing social practices around privacy and security management in smart homes; and usability issues that may hamper DDCs ability to rely on such solutions. We conclude by reflecting on 1) the need for collective security management in homes and 2) the increasingly complex divisions of responsibility in smart homes between device users, account holders, IoT device/software/firmware vendors, and third parties.
Keywords: IoT, accountability, responsibility, GDPR, domestic data controller, human computer interaction, privacy engineering.
Suggested Citation: Suggested Citation