The Internet of Things (IoT) Assistant app informs users about what IoT devices and technologies are around them and what data they are collecting. If a device - such as a public camera with facial recognition and scene recognition capabilities - offers privacy choices like opting in or out of data collection, the app will help the user access these choices.
"Because of new laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), people need to be informed about what data is collected about them and they need to be given some choices over these processes," says Professor Norman Sadeh, a CyLab faculty member in Carnegie Mellon’s Institute for Software Research and the principal investigator on the project. "We have built an infrastructure that enables owners of IoT technologies to comply with these laws, and an app that takes advantage of this infrastructure to empower people to find out about and control data collected by these technologies."
Currently, while some public spaces under surveillance might have signs informing people in the vicinity that video of them may be recorded, this isn't enough, say the researchers.
"These signs tell you nothing about what is being done with your footage, how long it’s going to be retained, whether or not it uses facial recognition, or with whom this is going to be shared," says Sadeh. "Under regulations like GDPR and CCPA, there are requirements to more explicitly communicate not just the presence of these technologies and what they collect, but to also give people some control over what is being collected and how the data can be used."
While end-users may use the app to see information about IoT devices around them, owners of IoT devices can use a cloud-based IoT privacy online portal to publish the presence of their IoT devices in registries spanning different areas. Organizations such as mall operators, shop owners, universities, or