IoT and Smart Home Data Breach Risks from the Perspective of Croatian Data Protection and Information Security Law
Keywords:
IoT, smart homes, security, data protection, personal data protection
Abstract
The IoT technology required to build smart homes, with its automation and control processes, represents a significant information security and personal data protection challenge. Smart homes demand a new level of security requirements because they contain relevant, vulnerable and private information. Since IoT technology both offers opportunities and imposes risks, an IoT-based smart home is susceptible to IoT security vulnerabilities and to attacks via the Internet. Personal data covering household habits could easily become available to third parties without the data subject's consent. The business model created by the smart home technology industry, based on sharing house owners’ data with third parties, now faces significant obstacles from the data protection regulation and practice being developed in the European Union. This paper indicates potential threats and points out current regulatory provisions for preserving data privacy and information security in the IoT smart home environment.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.