Selecting Privacy Enhancing Technologies for IoT-Based Services

The rising number of IoT devices enables the provisioning of novel services in various domains, such as the automotive domain. This data, however, is often personal or otherwise sensitive. Providers of IoT-based services are confronted with the problem of collecting the necessary amount and quality of data, while at the same time protecting persons’ privacy using privacy enhancing technologies (PETs). Selecting appropriate PETs is neither trivial, nor is it uncritical since applying an unsuitable PET can result in a violation of privacy rights, e.g. according to the GDPR. In this paper, we propose a process to select data-dependent PETs—i.e. technologies which manipulate data, e.g. by distorting values—for IoT-based services. The process takes into account two perspectives on the selection of PETs which both narrow down the number of potentially applicable PETs: First, a data-driven perspective which is based on the data’s properties, e.g. its longevity and sequentiality; and second, a service-driven perspective which takes into account service requirements, e.g. the precision required to provide a particular service. We then show how the process can be applied for automotive services proposing a taxonomy for automotive data and present an exemplary application.