Developing GDPR Compliant Apps for the Edge

  • Tom LodgeEmail author
  • Andy Crabtree
  • Anthony Brown
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11025)


We present an overview of the Databox application development environment or SDK as a means of enabling trusted IoT app development at the network edge. The Databox platform is a dedicated domestic platform that stores IoT, mobile and cloud data and executes local data processing by third party apps to provide end-user control over data flow. Key challenges for building apps in edge environments concern (i) the complexity of IoT devices and user requirements, and (ii) supporting privacy preserving features that meet new data protection regulations. We examine how the Databox SDK can ease the burden of regulatory compliance and be used to sensitize developers to privacy related issues in the very course of building apps.


Internet of Things Edge computing Databox Data protection GDPR Trusted application development SDK 


  1. 1.
    Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are. Accessed 26 June 2018
  2. 2.
    IDC FutureScape: Worldwide IoT 2018 Predictions. Accessed 26 June 2018
  3. 3.
    Amazon Echo. Accessed 26 June 2018
  4. 4.
    Apple HomePod. Accessed 26 June 2018
  5. 5.
    Google Home. Accessed 26 June 2018
  6. 6.
    Home Assistant. Accessed 26 June 2018
  7. 7.
    nCube. Accessed 26 June 2018
  8. 8.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official J. Eur. Union, L119, 1–88, April 2016Google Scholar
  9. 9.
    Chaudhry, A., Crowcroft, J., Howard, H., Madhavapeddy, A., Mortier, R., Haddadi, H., McAuley, D. : Personal data: thinking inside the box. In Proceedings of the Fifth De-cennial Aarhus Conference on Critical Alternatives, pp. 29–32. Aarhus University Press (2015)Google Scholar
  10. 10.
    Lee, S., Wong, E. L., Goel, D., Dahlin, M., Shmatikov, V.: PiBox: a platform for privacy-preserving apps. In: Proceedings of NSDI, pp. 501–514 (2013)Google Scholar
  11. 11.
    Giffin, D.B., Levy, A., Stefan, D., Terei, D., Mazières, D., Mitchell, J.C., Russo, A.: Hails: protecting data privacy in untrusted web applications. In: Proceedings of OSDI, pp. 47–60 (2012)Google Scholar
  12. 12.
    Willis, D., Dasgupta, A., Banerjee, S.: ParaDrop: a multi-tenant platform to dynamically install third party services on wireless gateways. In: Proceedings of the 9th ACM Workshop on Mobility in the Evolving Internet Architecture, pp. 43–48. ACM (2014)Google Scholar
  13. 13.
    Youngblood, G.M., Cook, D.J., Holder, L.B.: A learning architecture for automating the intelligent environment. In: Proceedings of the Conference on Innovative Applications of Artificial Intelligence, pp. 1576–1583. MIT Press, Cambridge (2005)Google Scholar
  14. 14.
    How GDPR Will Change the Way You Develop. Accessed 26 June 2018
  15. 15.
    Domoticz. Accessed 26 June 2018
  16. 16.
    OpenHAB. Accessed 26 June 2018
  17. 17.
    OpenRemote. Accessed 26 June 2018
  18. 18.
    Project Things. Accessed 26 June 2018
  19. 19.
    Cozify. Accessed 26 June 2018
  20. 20.
    Fibaro. Accessed 26 June 2018
  21. 21.
    Vera. Accessed 26 June 2018
  22. 22.
    Mydex. Accessed 26 June 2018
  23. 23.
    Hub of All Things. Accessed 26 June 2018
  24. 24.
    Android Things. Accessed 26 June 2018
  25. 25.
    Apple HomeKit. Accessed 26 June 2018
  26. 26.
    Samsung SmartThings. Accessed 26 June 2018
  27. 27.
    Newman, M.W.: Now we’re cooking: recipes for end-user service composition in the digital home. Position Paper- CHI 2006 Workshop IT@Home (2006)Google Scholar
  28. 28.
    IFTTT. Accessed 26 June 2018
  29. 29.
    Stringify. Accessed 26 June 2018
  30. 30.
    Yeti. Accessed 26 June 2018
  31. 31.
    Zapier. Accessed 26 June 2018
  32. 32.
    Mi, X., Feng Q., Ying, Z., XiaoFeng, W.: An empirical characterization of IFTTT: eco-system, usage, and performance. In: Proceedings of the 2017 Internet Measurement Conference, pp. 398–404. ACM, New York (2017)Google Scholar
  33. 33.
    Surbatovich, M., Jassim, A., Lujo B., Anupam D., Limin, J.: Some recipes can do more than spoil your appetite: analyzing the security and privacy risks of IFTTT recipes. In: Proceedings of the 26th International Conference on World Wide Web, International World Wide Web Conferences Steering Committee, pp. 1501–1510 (2017)Google Scholar
  34. 34.
    Attacking Discrimination in ML. Accessed 26 June 2018
  35. 35.
    Eslami, M., Krishna Kumaran, S.R., Sandvig, C., Karahalios, K.: Communicating algorithmic process in online behavioral advertising. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, p. 432. ACM (2018)Google Scholar
  36. 36.
    Ribeiro, M.T., Singh, S., Guestrin, C.: Why should I trust you?: explaining the predictions of any classifier. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1135–1144. ACM (2016)Google Scholar
  37. 37.
    Morrison, J.P.: Flow-based programming. In: Proceedings of the 1st International Workshop on Software Engineering for Parallel and Distributed Systems, pp. 25–29 (1994)Google Scholar
  38. 38.
    Weiss, G.M., Lockhart, J.W.: Identifying user traits by mining smart phone accelerometer data. In: Proceedings of the Fifth International Workshop on Knowledge Discovery from Sensor Data, pp. 61–69. ACM (2011)Google Scholar
  39. 39.
    Smart meters review TV viewing habits. Accessed 26 June 2018
  40. 40.
    Kim, Y., Schmid, T., Srivastava, M.B., Wang, Y.: Challenges in resource monitoring for residential spaces. In: Proceedings of the First ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Buildings, pp. 1–6. ACM (2009)Google Scholar
  41. 41.
    Crabtree, A., Lodge, T., Colley, J., Greenhalgh, C., Mortier, M.: Building accountability into the Internet of Things: the IoT Databox Model. J. Reliable Intell. Environ. SSRN (2018)Google Scholar
  42. 42.
    Wang, Q., Hassan, W.U., Bates, A., Gunter, C.: Fear and logging in the Internet of Things. In: Network and Distributed Systems Symposium (2018)Google Scholar
  43. 43.
    Schreiber, A., Struminski, R.: Tracing personal data using comics. In: International Conference on Universal Access in Human-Computer Interaction, pp. 444–455 (2017)Google Scholar
  44. 44.
    Edwards, L., Veale, M.: Slave to the algorithm: why a right to an explanation is probably not the remedy you are looking for. Duke L. Tech. Rev. 16, 18 (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Computer ScienceUniversity of NottinghamNottinghamUK
  2. 2.Horizon Digital Economy ResearchUniversity of NottinghamNottinghamUK

Personalised recommendations