Designing privacy preserving data sharing middleware for the Internet of Things

Abstract

The rise of low-cost Internet of Things (IoT) sensing and communication capabilities has given rise to a range of new smart services that rely on heterogeneous data from devices embedded in our everyday lives. The provision of such IoT services relies on environmental or user data held by other data controllers (e.g. network provider, water agency, building management). Recent privacy regulations such as the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) make it mandatory for data controllers to apply appropriate privacy-preserving processing to shared data before releasing it to service providers. To facilitate this, we propose PE-IoT, a system for orchestrating privacy-enhanced data flows that (a) gives users (data subjects) the ability to opt in to, or out of, the sharing of their data with individual service providers, and (b) enables data controllers to invoke a range of Privacy Enhancing Technologies (PETs), such as anonymization, randomization, and perturbation, to transform data streams into privacy-preserving counterparts before release. PE-IoT is based on a new model for privacy-compliant data sharing, and we describe the design and architecture of the PE-IoT system based on this model.
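The following is an added illustration of the data-flow model sketched in the abstract (a consent check by the data controller followed by a PET applied per service provider); it is not code from PE-IoT or its authors. The three PETs, the service names, the keyed-hash pseudonymisation, the epsilon and sensitivity values and the readings are all assumptions constructed for this example.

```python
"""Privacy-enhanced release of IoT readings (added example, not PE-IoT code).
A data controller holds raw readings plus a per-service consent registry.
Every outgoing record is (1) dropped if the data subject opted out for that
provider and (2) transformed by the PET configured for that provider.
Service names, PET choices and all readings are assumptions for this example."""
import hashlib
import hmac
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Reading:
    device_id: str
    subject_id: str      # the data subject the reading is about
    ts: int
    occupied: bool       # presence sensor
    water_litres: float  # metered consumption


class ConsentRegistry:
    """Per-service opt-in set; a subject absent from the set is opted out."""

    def __init__(self):
        self._opt_in = {}  # service -> set of subject_ids

    def opt_in(self, subject_id, service):
        self._opt_in.setdefault(service, set()).add(subject_id)

    def opt_out(self, subject_id, service):  # consent withdrawal
        self._opt_in.get(service, set()).discard(subject_id)

    def allows(self, subject_id, service):
        return subject_id in self._opt_in.get(service, set())


def pseudonymise(subject_id, key):
    """Keyed hash (HMAC-SHA256): without the controller's key the provider
    cannot recover or dictionary-attack the identifier. Truncated to 16 hex."""
    return hmac.new(key, subject_id.encode(), hashlib.sha256).hexdigest()[:16]


def randomized_response(value, rng, p_truth=0.75):
    """Warner's randomized response: report the truth with probability
    p_truth, otherwise a fair coin flip, so any single answer is deniable."""
    return value if rng.random() < p_truth else rng.random() < 0.5


def laplace_perturb(value, rng, epsilon=1.0, sensitivity=5.0):
    """Add Laplace(0, sensitivity/epsilon) noise, sampled as the difference
    of two exponentials (assumed parameters; sensitivity is in litres)."""
    b = sensitivity / epsilon
    return round(value + rng.expovariate(1 / b) - rng.expovariate(1 / b), 2)


# Assumed policy: which PET each service provider's data flow receives.
PET_POLICY = {
    "analytics-co": "pseudonymise",
    "building-hvac": "randomize",  # gets occupancy only
    "water-agency": "perturb",     # gets noisy consumption only
}


def release(readings, registry, service, key, seed=0):
    """Orchestrate one privacy-enhanced flow: consent filter, then the PET."""
    pet = PET_POLICY[service]   # KeyError for a service with no configured PET
    rng = random.Random(seed)   # seeded only so the example is repeatable
    out = []
    for r in readings:
        if not registry.allows(r.subject_id, service):
            continue            # opted out: the record never leaves the controller
        if pet == "pseudonymise":
            out.append({"device_id": r.device_id, "ts": r.ts,
                        "subject": pseudonymise(r.subject_id, key),
                        "occupied": r.occupied, "water_litres": r.water_litres})
        elif pet == "randomize":
            out.append({"device_id": r.device_id, "ts": r.ts,
                        "occupied": randomized_response(r.occupied, rng)})
        elif pet == "perturb":
            out.append({"device_id": r.device_id, "ts": r.ts,
                        "water_litres": laplace_perturb(r.water_litres, rng)})
        else:
            raise ValueError(f"unknown PET {pet!r}")
    return out


# Constructed sample data: three subjects with different consent choices.
SAMPLE_READINGS = [
    Reading("meter-01", "alice", 1000, True, 12.4),
    Reading("meter-02", "bob", 1000, False, 3.1),
    Reading("meter-03", "carol", 1000, True, 8.8),
    Reading("meter-01", "alice", 1060, False, 0.5),
]


def demo_registry():
    reg = ConsentRegistry()
    for svc in PET_POLICY:
        reg.opt_in("alice", svc)          # alice shares with every provider
    reg.opt_in("bob", "water-agency")     # bob shares consumption only
    reg.opt_in("carol", "analytics-co")
    reg.opt_out("carol", "analytics-co")  # carol later withdrew consent
    return reg
```

Calling `release(SAMPLE_READINGS, demo_registry(), "water-agency", key=b"controller-secret")` yields three records (alice twice, bob once), each carrying only a device id, timestamp and noisy consumption; carol's reading never leaves the controller. The pseudonymisation key stays with the controller, which is what makes the analytics flow unlinkable by the provider while still allowing it to correlate readings from the same subject.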

Publication
The 3rd International SenSys+BuildSys Workshop on Data:Acquisition to Analysis (DATA ’20)
