IoTSec:Privacy Label explanation

= Process = During the IoTSec Workshop in Nov2017 with privacy and security experts we established both process details for considering privacy, influence of data types and parameters, grading of privacy (A-F), and identified open issues. The topics addressed hear are seen as work in progress.

Four areas regarding the process of data related to privacy
 * 1) which data are collected
 * 2) sharing to my phone, my cloud, public cloud,...
 * 3) data communication integrity and storage
 * 4) further distribution of data, ownership of data, further processing

Influence on data types

 * freshness of data
 * consent,
 * level of control,
 * notion of data sensitivity
 * transparency

Influence parameters
 * data
 * control functionality
 * security techniques
 * accountability
 * access to data

Open issues
 * access control (authentication) - transparency of authentication level
 * maintenance and update

= Level A++ =
 * no data are shared

= Level A+=

= Level A - Very high =
 * restricted use of data to purpose only (particular service)
 * supplier should bear the risk of incidents, e.g. they rather than I get penalised when things go wrong - equivalent to finansavtaleloven
 * if device is stolen - nobody else

= Level B =
 * specify the data to be collected, re-use for statistical data only, ensured integrity
 * customizable access control, eg.. add stronger authentication or consent requirements
 * must be able to trade off the various security requirements, e.g. confidentiality agains availability - i.e. I want flexibility
 * compliance with other standards - and this be listed (information requirement) - clipper compatible
 * anonymity of my interaction with the supplier
 * customer can control with how the information is transferred and used by a third party

= Level C =
 * data are collected without control (GPS+activity+heart rate), re-use only for statistical, encrypted storage


 * must be possible to withdraw consent - and that this results in all relevant information being deleted - and proof of deletion

= Level D =
 * data are collected, transparency of re-use
 * Data is not sold without consent/knowledge
 * transparency - I get told about the criteria that the supplier has used in their information classification
 * Information is only used for its legitimate purpose

= Level E =
 * collected data, no transparency of re-use
 * in compliance with GDPR
 * if data is stolen, I will get told
 * notification if DSO is hacked

= Level F - Failure=
 * no privacy, no control of data, everyone can see
 * nothing, no expectations

=Other aspects = Ongoing discussion that A-F might be too many levels to be considered, and that one should focus on only three levels (A-C), where C is compliance with GDPR.