Author ORCID Identifier
Perez - https://orcid.org/0000-0002-2852-2041
Zeadally - https://orcid.org/0000-0002-5982-8190
Document Type
Article
Publication Date
3-1-2018
Publication Title
Security and Privacy
Volume
1
Issue
3
Abstract
The privacy policies and practices of six consumer Internet of things (IoT) devices were reviewed and compared. In addition, an empirical verification of the compliance of privacy policies for data collection practices on two voice-activated intelligent assistant devices, namely the Amazon Echo Dot and Google Home devices was performed. The review shows that IoT privacy policies may not be usable from the human-computer interaction perspective because IoT policies are included as part of the manufacturers' general privacy policy (which may include policies unrelated to the device), or the IoT policy requires to read (in addition to the IoT policies) the manufacturers' general privacy policy which increase the cognitive load for the user. It was also found that future policy changes along with the approach to provide user consent to changes may adversely affect the privacy of the consumer because changes to policies may not provide choice to consumers to opt out from data collection practices if consumers are not aware of the changes. Finally, the empirical results for the Amazon Echo Dot and the Google Home devices demonstrate they adhere to their privacy policies when voice is collected through these devices.
Recommended Citation
10. Alfredo J. Perez, Sherali Zeadally , Jonathan Cochran, "A review and an empirical analysis of privacy policy and notices for consumer Internet of Things (IoT)", Wiley Security and Privacy, Vol. 1, no. 3, e15, 2018. https://doi.org/10.1002/spy2.15
Comments
"This is the peer reviewed version of the following article: A review and an empirical analysis of privacy policy and notices for consumer internet of things in Security and Privacy, 1(3), which has been published in final form at https://doi.org/10.1002/spy2.15. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Use of Self-Archived Versions. This article may not be enhanced, enriched or otherwise transformed into a derivative work, without express permission from Wiley or by statutory rights under applicable legislation. Copyright notices must not be removed, obscured or modified. The article must be linked to Wiley’s version of record on Wiley Online Library and any embedding, framing or otherwise making available the article or pages thereof by third parties from platforms, services and websites other than Wiley Online Library must be prohibited."