Dynamic Consent: Physical Switches and Feedback to Adjust Consent to IoT Data Collection

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12203)


From smart homes to highly energy-optimized office building and smart city, the adoption of living in smart spaces requires that the inhabitants feel comfortable with the level of data being collected about them in order to provide smartness. However, you usually provide this consent on—or best before—your very first interaction. Thus, firstly your consent might vary over the time of usage. Secondly, it is not always obvious if data is currently collected or not. This paper addresses two missing elements in the interaction with a smart environment: First, the general concept of dynamicity of consent to data collection. Second, provision of a physical interaction to gather and change consent and a physical feedback on the current data collection status. By the feedback being physical we mean being visual, haptic or accoustic, in order to allow natural perception by the users in the physical space. For both components we provide examples which show how one could make both the current status as well as the consent physical and discuss the user perception. We argue that having a physical interaction to start potentially privacy-invasive data collections is a useful enrichment for legal consent, and physically visible status is helpful to make a decision.


Privacy Security Consent Smart living Internet-of-Things 



H. C. Pöhls was partially funded by the European Union’s H2020 grant \(\text {n}^o\)780315 (SEMIoTICS). This paper reflects only the authors’ views.


  1. 1.
    European Parliament and the Council of the European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. OJ L, 1–88, May 2016. 119 of 4.5.2016Google Scholar
  2. 2.
    OECD: The OECD Privacy Framework (2013). Accessed Jan 2020
  3. 3.
    EU Article 29 Data Protection Working Party (WP 223): Opinion 8/2014 on the Recent Developments on the Internet of Things, pp. 1–24, September 2014Google Scholar
  4. 4.
    Pöhls, H.C., et al.: RERUM: building a reliable IoT upon privacy- and security- enabled smart objects. In: Wireless Communications and Networking Conference Workshop on IoT Communications and Technologies (WCNC 2014), April 2014, pp. 122–127. IEEE (2014)Google Scholar
  5. 5.
    Tragos, E.Z., et al.: Enabling reliable and secure IoT-based smart city applications. In: Proceedings of the International Conference on Pervasive Computing and Communication Workshops (PERCOM 2014), March 2014, pp. 111–116. IEEE (2014)Google Scholar
  6. 6.
    Staudemeyer, R.C., Pöhls, H.C., Watson, B.W.: Security and privacy for the Internet of Things communication in the SmartCity. In: Angelakis, V., Tragos, E., Pöhls, H.C., Kapovits, A., Bassi, A. (eds.) Designing, Developing, and Facilitating Smart Cities, pp. 109–137. Springer, Cham (2017). Scholar
  7. 7.
    Danezis, G., et al.: Privacy and data protection by design - from policy to engineering. Tech. rep. European Union Agency for Network and Information Security, December 2014Google Scholar
  8. 8.
    Cavoukian, A.: Privacy by design: the 7 foundational principles. Revised Version. Accessed Nov 2019
  9. 9.
    Weiser, M.: Some computer science issues in ubiquitous computing. Commun. ACM 36(7), 75–84 (1993)CrossRefGoogle Scholar
  10. 10.
    Frizell, S.: This Startup is Trying to Create - and Control - the Internet of Your Home. Time Mag. 184(1) (2014).
  11. 11.
    Allhoff, F., Henschke, A.: The Internet of Things: foundational ethical issues. Internet of Things 1, 55–66 (2018) CrossRefGoogle Scholar
  12. 12.
    Vella, M.: Nest CEO Tony Fadell on the future of the smart home. Time Mag. 184(1) (2014).
  13. 13.
    Könings, B., Schaub, F.: Territorial privacy in ubiquitous computing. In: 8th International Conference on Wireless On-Demand Network Systems and Services, pp. 104–108. IEEE (2011)Google Scholar
  14. 14.
    Brocker, M., Checkoway, S.: iSeeYou: disabling the MacBook webcam indicator LED. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 337–352 (2014)Google Scholar
  15. 15.
    Sugawara, T., Cyr, B., Rampazzi, S., Genkin, D., Fu, K.: Light commands: laser-based audio injection on voice-controllable systems (2019). Accessed 13 Dec 2019
  16. 16.
    Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., Xu, W.: Dolphinattack: inaudible voice commands. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 103–117. ACM (2017)Google Scholar
  17. 17.
    Roy, N., Shen, S., Hassanieh, H., Choudhury, R.R.: Inaudible voice commands: the long-range attack and defense. In: 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18), pp. 547–560 (2018)Google Scholar
  18. 18.
    Karegar, F., Gerber, N., Volkamer, M., Fischer-Hübner, S.: Helping john to make informed decisions on using social login. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018, New York, NY, USA, pp. 1165–1174. Association for Computing Machinery (2018).
  19. 19.
    Johnson, E.J., Bellman, S., Lohse, G.L.: Defaults, framing and privacy: why opting in-opting out. Mark. Lett. 13, 5–15 (2002)CrossRefGoogle Scholar
  20. 20.
    The Guardian - Alex Hern: Mark Zuckerberg tapes over his webcam. Should you?, June 2016. Accessed Dec 2019
  21. 21.
    Rosner, G., Kenneally, E.: Clearly opaque: privacy risks of the Internet of Things. In: Rosner, G., Erin, K. (eds.) Clearly Opaque: Privacy Risks of the Internet of Things, 1 May 2018. IoT Privacy Forum (2018)Google Scholar
  22. 22.
    Könings, B., Schaub, F., Weber, M.: Privacy and trust in ambient intelligent environments. In: Ultes, S., Nothdurft, F., Heinroth, T., Minker, W. (eds.) Next Generation Intelligent Environments, pp. 133–164. Springer, Cham (2016). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Institute of IT-Security and Security LawUniversity of PassauPassauGermany
  2. 2.Worcester Polytechnic InstituteWorcesterUSA

Personalised recommendations