On the Principle of Accountability: Challenges for Smart Homes & Cybersecurity

Crabtree, A. Mortier, R. Haddadi, H. Privacy by Design for the Internet of Things: Building Accountability and Security. IET Press Forthcoming

26 Pages. Posted: 13 Jul 2020

Lachlan Urquhart

University of Edinburgh - School of Law; Horizon Digital Economy Research Institute

Jiahong Chen

University of Sheffield, School of Law; University of Nottingham

Date Written: June 17, 2020

Abstract

This chapter introduces the ‘Accountability Principle’ and its role in data protection (DP) governance. We focus on what accountability means in the context of cybersecurity management in smart homes, considering the EU General Data Protection Law (GDPR) requirements to secure personal data. This discussion sits against the backdrop of two key new developments in data protection law. Firstly, the law is moving into the home, due to the narrowing of the so-called ‘household exemption’. Concurrently, household occupants may now have legal responsibilities to comply with the GDPR: they find themselves jointly responsible for compliance, as they are possibly held to determine the means and purposes of data collection together with IoT device vendors. Treating the smart home as a complex socio-technical space, we consider the interactions between accountability requirements and the competencies of this new class of ‘domestic data controllers’ (DDC). Specifically, we consider the value and limitations of edge-based security analytics to manage smart home cybersecurity risks, reviewing a range of prototypes and studies of their use. We also reflect on interpersonal power dynamics in the domestic setting (e.g. device control); existing social practices around privacy and security management in smart homes; and usability issues that may hamper DDCs’ ability to rely on such solutions. We conclude by reflecting on 1) the need for collective security management in homes and 2) the increasingly complex divisions of responsibility in smart homes between device users, account holders, IoT device/software/firmware vendors, and third parties.

Keywords: IoT, accountability, responsibility, GDPR, domestic data controller, human computer interaction, privacy engineering.

Suggested Citation

Urquhart, Lachlan and Chen, Jiahong, On the Principle of Accountability: Challenges for Smart Homes & Cybersecurity (June 17, 2020). Crabtree, A. Mortier, R. Haddadi, H. Privacy by Design for the Internet of Things: Building Accountability and Security. IET Press Forthcoming, Available at SSRN: https://ssrn.com/abstract=3629119

Lachlan Urquhart (Contact Author)

University of Edinburgh - School of Law

Old College
South Bridge
Edinburgh, EH8 9YL
United Kingdom

Horizon Digital Economy Research Institute

University of Nottingham Innovation Park
Triumph Road
Nottingham, NG7 2TU
United Kingdom

Jiahong Chen

University of Sheffield, School of Law

Bartolomé House
Winter St
Sheffield, S3 7ND
United Kingdom

University of Nottingham

United Kingdom
