Handling of Personal Data by Smart Home Equipment: an Exploratory Analysis in the Context of LGPD

Thiago Adriano Coleti; Renato Balancieri; André Menolli; Omar Ali Mahmoud; Victor Hugo Sotti; Michel Yvano; Marcelo Morandini

doi:10.5753/jis.2024.3944

Authors

Thiago Adriano Coleti Universidade Estadual do Norte do Paraná https://orcid.org/0000-0002-1078-4334
Renato Balancieri Universidade Estadual do Paraná https://orcid.org/0000-0002-8532-2011
André Menolli Universidade Estadual do Norte do Paraná https://orcid.org/0000-0002-4755-8031
Omar Ali Mahmoud Universidade Estadual do Paraná https://orcid.org/0009-0005-9424-582X
Victor Hugo Sotti Universidade Estadual do Paraná https://orcid.org/0009-0003-2322-0604
Michel Yvano Instituto Federal do Pará https://orcid.org/0000-0001-5090-0267
Marcelo Morandini Universidade de São Paulo https://orcid.org/0000-0001-5402-9544

DOI:

https://doi.org/10.5753/jis.2024.3944

Keywords:

Smart Home, Personal Data, General Data Protection Regulation, Privacy and Security

Abstract

This paper presents an exploratory research that analyzed the Privacy and Security Policies and the Instruction Manuals of 59 home automation equipment for Smart Home in order to verify which personal data was handled and how these documents were providing information about processes performed in personal data. The analysis was conducted with a quantitative approach followed by a qualitative analysis, using content analysis. The surveys identified the following types of personal data: Identification, Financial, Devices and Location. The results presented greater interest in identification data, although financial and location are also used in specific cases. We also concluded that the Privacy and Security Policies present several information that meets the LGPD’s guidelines, especially regarding the purpose of using the data and which personal data is used. However, there is a visible lack of information about the benefits provided to data subjects and about sharing data with third parties, such as recipient data and the legal basis for sharing data.

Downloads

Download data is not yet available.

References

Assaf, M. H., Mootoo, R., Das, S. R., Petriu, E. M., Groza, V., and Biswas, S. (2012). Sensor based home automation and security system. In 2012 IEEE International Instrumentation and Measurement Technology Conference Proceedings, pages 722–727. DOI: https://doi.org/10.1109/I2MTC.2012.6229153.

Audich, D. A., Dara, R., and Nonnecke, B. (2021). Improving readability of online privacy policies through doop: A domain ontology for online privacy. Digit., 1:198–215.

Bardin, L. (2011). Content analysis. São Paulo: Edições, 70(279):978–8562938047.

Basarudin, N. A., Yeon, A. L., Yusoff, Z. M., Dahlan, N. H. M., and Author, N. M. (2017). Smart home users’ information in cloud system: A comparison between Malaysian personal data protection act 2010 and EU general data protection regulation. Malaysian Construction Research Journal, 2(2):209–222.

Bataineh, A. S., Mizouni, R., Barachi, M. E., and Bentahar, J. (2016). Monetizing personal data: A two-sided market approach. Procedia Computer Science, 83:472–479. DOI: https://doi.org/10.1016/j.procs.2016.04.211.

Ben Thabet, A. and Ben Amor, N. (2015). Enhanced smart doorbell system based on face recognition. In 2015 16th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA), pages 373–377. DOI: https://doi.org/10.1109/STA.2015.7505106.

Bier, C., Kühne, K., and Beyerer, J. (2016). Privacyinsight: The next generation privacy dashboard. In Privacy Technologies and Policy, pages 135–152, Cham. Springer International Publishing.

Camêlo, M. N. and Alves, C. (2023). G-priv: A guide to support lgpd compliant specification of privacy requirements. iSys - Brazilian Journal of Information Systems, 16(1):2:1–2. DOI: 10.5753/isys.2023.2743.

Cavoukian, A. (2010). Privacy by Design. Identity in the Information Society, 3(2):1–12.

Chalhoub, G., Flechais, I., Nthala, N., Abu-Salma, R., and Tom, E. (2020). Factoring user experience into the security and privacy design of smart home devices: A case study. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems, CHI EA ’20, page 1–9, New York, NY, USA. Association for Computing Machinery. DOI: https://doi.org/10.1145/3334480.3382850.

Chang, S. and Nam, K. (2021). Smart home adoption: The impact of user characteristics and differences in perception of benefits. Buildings, 11(9). DOI: https://doi.org/10.3390/buildings11090393.

Christl, W. (2017). How companies use personal data against people. automated disadvantage, personalized persuasion, and the societal ramifications of the commercial use of personal information. CrackedLabs.

Coleti, T., Mahmoud, O., Sotti, V., Menolli, A., Morandini, M., and Balancieri, R. (2023). Equipamentos para smart home: O que eles querem saber sobre nós? In Anais do IV Workshop sobre as Implicações da Computação na Sociedade, pages 26–37, Porto Alegre, RS, Brasil. SBC. DOI: https://doi.org/10.5753/wics.2023.230083.

Coleti, T. A., Corrêa, P. L. P., Filgueiras, L. V. L., and Morandini, M. (2020). TR-Model. A Metadata Profile Application for Personal Data Transparency. IEEE Access, 8(1):75184–75209. DOI: https://doi.org/10.1109/ACCESS.2020.2988566.

Earp, J. B., Anton, A. I., Aiman-Smith, L., and Stufflebeam, W. H. (2005). Examining internet privacy policies within the context of user privacy values. IEEE Transactions on Engineering Management, 52(2):227–237. DOI: https://doi.org/10.1109/TEM.2005.844927.

Efroni, Z., Metzger, J., Mischau, L., and Schirmbeck, M. (2019). Privacy icons: A risk-based approach to visualisation of data processing. European Data Protection Law Review, 5(3):352–366. DOI: https://doi.org/10.21552/edpl/2019/3/9.

Filgueiras, L. V. L., Leal, A. S. F., Coleti, T. A., Morandini, M., Correa, P. L., and Alves-Souza, S. N. (2019). Keep System Status Visible: Impact of Notifications on the Perception of Personal Data Transparency. Human-Computer Interaction. Perspectives on Design, 1:513–530.

Fischer-Hübner, S., Angulo, J., and Pulls, T. (2014). How can cloud users be supported in deciding on, tracking and controlling how their data are used? In Privacy and Identity Management for Emerging Services and Technologies, pages 77–92, Berlin, Heidelberg. Springer Berlin Heidelberg.

Freitas, C. C. S., Mesquita, B. D. R., Pereira, C. E., and Farias, V. J. C. (2010). Automação residencial - uma abordagem em relação as atuais tecnologias e perspectivas para o futuro. In V Congresso Norte-Nordeste de Pesquisa e Inovação (CONNEPI), pages 1–8. DOI: 10.13140/2.1.3590.3683.

Guhr, N., Werth, O., Blacha, P. P. H., and Breitner, M. H. (2020). Privacy concerns in the smart home context. SN Applied Sciences, 2(247):1–12. DOI: https://doi.org/10.1007/s42452-020-2025-8.

Holtz, L. E., Nocun, K., and Hansen, M. (2011). Towards displaying privacy information with icons. IFIP Advances in Information and Communication Technology, 352 AICT:338–348. DOI: https://doi.org/10.1007/978-3-642-20769-3_27.

Huq, S. M., Rahman, M. A., and Saleh, S. M. (2017). Application for integrating microcontrollers to internet of things. In 2017 20th International Conference of Computer and Information Technology (ICCIT), pages 1–4. DOI: https://doi.org/10.1109/ICCITECHN.2017.8281837.

Islam, R., Rahman, W., Rubaiat, R., Hasan, M., Reza, M., and Rahman, M. M. (2022). Lora and server-based home automation using the internet of things (iot). Journal of King Saud University - Computer and Information Sciences, 34(6, Part B):3703–3712. DOI: https://doi.org/10.1016/j.jksuci.2020.12.020.

Jang, I., Lee, D., Choi, J., and Son, Y. (2019). An approach to share self-taught knowledge between home iot devices at the edge. Sensors, 19:833. DOI: https://doi.org/10.3390/s19040833.

Krippendorff, K. (2018). Content analysis: An introduction to its methodology. Sage publications.

Kuznetsov, M., Novikova, E., Kotenko, I., and Doynikova, E. (2022). Privacy Policies of IoT Devices : Collection and Analysis. Sensors, 22(5):1–23.

Lamjane, K. S. and Rojatkar, D. V. (2018). Amazon Alexa Based Home Automation Using Particle Photon. International Journal of Scientific Research in Science, Engineering and Technology IJSRSET, 4(May):80–84.

Luor, T., Lu, H.-P., Yu, H., and Lu, Y. (2015). Exploring the critical quality attributes and models of smart homes. Maturitas, 82(4):377–386. DOI: https://doi.org/10.1016/j.maturitas.2015.07.025.

Maus, G. (2015). Decoding, hacking, and optimizing societies: Exploring potential applications of human data analytics in sociological engineering, both internally and as offensive weapons. In Proceedings of the 2015 Science and Information Conference, SAI 2015, pages 538–547. DOI: https://doi.org/10.1109/SAI.2015.7237195.

Mortier, R., Haddadi, H., Henderson, T., Mcauley, D., Crowcroft, J., and Crabtree, A. (2016). Human-Data Interaction. Interaction Design Foundation - IxDF, pages 1–48.

Murmann, P. and Fischer-Hübner, S. (2017). Tools for achieving usable ex post transparency: A survey. IEEE Access, 5:22965–22991. DOI: https://doi.org/10.1109/ACCESS.2017.2765539.

Patrick, A. S. and Kenny, S. (2003). From privacy legislation to interface design: Implementing information privacy in human-computer interactions. In International Symposium on Privacy Enhancing Technologies.

Reis, V. Q. d., Rabello, M. E. R., Lima, A. C., Jardim, G. P. S., Fernandes, E. R., and Brefeld, U. (2023). Data practices in apps from brazil: What do privacy policies inform us about? Journal on Interactive Systems, 14(1):1–8. DOI: 10.5753/jis.2023.2954.

Ribeiro, J. and Garcés, L. (2023). Especificação de requisitos de design de software para sistemas de iot conforme a lgpd: Resultados de aplicação em um sistema de assistência para pacientes com diabetes mellitus. In Anais Estendidos do XXIII Simpósio Brasileiro de Computação Aplicada à Saúde, pages 37–42, Porto Alegre, RS, Brasil. SBC. DOI: https://doi.org/10.5753/sbcas_estendido.2023.229693.

Schneier, B. (2015). Data and Goliath. The hidden battles to collect your data and control your world. Norton, New York.

Singh, D., Psychoula, I., Kropf, J., Hanke, S., and Holzinger, A. (2018). Users’ perceptions and attitudes towards smart home technologies. In Smart Homes and Health Telematics, Designing a Better Future: Urban Assisted Living, pages 203–214, Cham. Springer International Publishing.

Subahi, A. and Theodorakopoulos, G. (2018). Ensuring compliance of iot devices with their privacy policy agreement. In 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud), pages 100–107. DOI: 10.1109/FiCloud.2018.00022.

Toledo, M. D. E. (2020). Lei Geral de Proteção de Dados. um guia completo. Emprendedorismo Legal.

Vavilov, D., Melezhik, A., and Platonov, I. (2014). Reference model for smart home user behavior analysis software module. In 2014 IEEE Fourth International Conference on Consumer Electronics Berlin (ICCE-Berlin), pages 3–6. DOI: https://doi.org/10.1109/ICCE-Berlin.2014.7034262.

Wanzeler, T., Fülber, H., and Merlin, B. (2016). Desenvolvimento de um sistema de automação residencial de baixo custo aliado ao conceito de Internet das Coisas (IoT). In Anais do XXXIV Simpósio Brasileiro de Telecomunicações, pages 40–44. DOI: https://doi.org/10.14209/sbrt.2016.176.

Zeng, E., Mare, S., and Roesner, F. (2019). End user security & privacy concerns with smart homes. In Proceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017, pages 65–80.