FoT-PDS: a user-centric paradigm for privacy-preserving IoT.

Abstract

The IoT poses significant challenges to personal data privacy, as it enables pervasive and ubiquitous data collection and processing, often occurring without the user’s knowledge and consent. This situation reinforces the ’privacy paradox’ phenomenon, which poses a trade-off between the benefits of technologies and services and associated privacy risks. At the same time, users’ perceptions of data collection and value have been changing, increasing their concern about exchanging their data for services and driving a move- ment toward more control for privacy protection. In this scenario, this thesis introduces FoT-PDS, an original paradigm to address privacy issues in the IoT context by empower- ing users with data control, ensuring transparency in data processing, raising awareness of privacy risks, and fostering trust in service providers. It is a user-centric paradigm that integrates the Fog of Things and Personal Data Stores, promoting decentralized data management and granting individuals fine-grained control over who accesses their data and for which purposes. Additionally, the paradigm includes an AI-assisted con- sent mechanism based on clustering methods to anticipate profiling risks and support informed decision-making by users. Our experimental study results demonstrate that FoT-PDS enhances users’ perception of data control, which has a positive and direct im- pact on privacy awareness and transparency. Moreover, privacy awareness mediates the indirect effect of data control on trust. Further, the technical evaluation demonstrates the feasibility of the consent mechanism and its potential to mitigate profiling risks. These insights provide empirical evidence supporting the adoption of the FoT-PDS as a viable and effective approach for promoting data control and mitigating privacy risks in the IoT context.