Data Protection by Design for Cybersecurity Systems in a Smart Home Environment
This addresses data protection challenges for smart home users, but it is incremental as it applies existing legal principles to a specific domain.
The paper tackles implementing the Data Protection by Design principle from EU law into cybersecurity systems for smart homes, translating legal requirements into technical solutions within the Cyber-Trust project.
The present paper deals with the elucidation and implementation of the Data Protection by Design (DPbD) principle as recently introduced in the European Union data protection law, specifically with regards to cybersecurity systems in a Smart Home environment, both from a legal and a technical perspective. Starting point constitutes the research conducted in the Cyber-Trust project, which endeavours the development of an innovative and customisable cybersecurity platform for cyber-threat intelligence gathering, detection and mitigation within the Internet of Things ecosystem. During the course of the paper, the requirements of DPbD with regards to the conceptualisation, design and actual development of the system are presented as prescribed in law. These requirements are then translated into technical solutions, as envisaged in the Cyber-Trust system. For trade-offs are not foreign to the DPbD context, technical limitations and legal challenges are also discussed in this interdisciplinary dialogue.