Skip to main content

Research Repository

Advanced Search

DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.

Henriksen-Bulmer, Jane; Faily, Shamal; Jeary, Sheridan

Authors

Jane Henriksen-Bulmer

Shamal Faily

Sheridan Jeary



Abstract

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.

Citation

HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2020. DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. Future internet [online], 12(5), article 93. Available from: https://doi.org/10.3390/fi12050093

Journal Article Type Article
Acceptance Date May 18, 2020
Online Publication Date May 24, 2020
Publication Date May 31, 2020
Deposit Date Sep 16, 2021
Publicly Available Date Nov 23, 2021
Journal Future internet
Electronic ISSN 1999-5903
Publisher MDPI
Peer Reviewed Peer Reviewed
Volume 12
Issue 5
Article Number 93
DOI https://doi.org/10.3390/fi12050093
Keywords Contextual integrity; Privacy; Risk; Data protection impact assessment (DPIA); General data protection regulation (GDPR)
Public URL https://rgu-repository.worktribe.com/output/1427724

Files

HENRIKSEN-BULMER 2020 DPIA in context (VOR) (14 Mb)
PDF

Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/

Copyright Statement
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).




You might also like



Downloadable Citations