Abstract
There is increasing recognition of the value of personal data, and of the extent of the damage that can be caused if personal information is interfered with, released or stolen. Protection of personal data from unauthorised access or modification has been recognised in privacy regulations around the world. The European General Data Protection Regulation (GDPR) applies to any person or organisation that handles personal data relating to a European citizen, irrespective of where in the world the data is held or used. Personal data includes information about an individual, their movements, or assets that can be associated with them directly or by reference to other data files. Basic protection of privacy is achieved by using strong encryption to provide security of information (as described in Chap. 7), but that is not sufficient. Personal data may be passed securely to a database, but who can access that database, and what limits can be placed on their usage of those data? This chapter tries to answer this and other important privacy-related questions. At the end of the chapter we introduce the reader to an architecture that limits the number of organisations and value-added service providers that can access personal data. The architecture was developed within the EU-funded project VICINITY.
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Heinz, C., Wall, N., Wansch, A.H., Grimm, C. (2021). Privacy, GDPR, and Homomorphic Encryption. In: Zivkovic, C., Guan, Y., Grimm, C. (eds) IoT Platforms, Use Cases, Privacy, and Business Models. Springer, Cham. https://doi.org/10.1007/978-3-030-45316-9_8
DOI: https://doi.org/10.1007/978-3-030-45316-9_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45315-2
Online ISBN: 978-3-030-45316-9
eBook Packages: Engineering, Engineering (R0)