• PDF / 409,909 Bytes
• 9 Pages / 439.37 x 666.142 pts Page_size
• 65 Downloads / 263 Views

DOWNLOAD

REPORT

Abstract. The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR’s provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented. Keywords: Access control systems · GDPR · Indoor Localization Systems · Location-Based Services · Privacy-by-design

1

Introduction

The wide availability of mobile devices has led to an arising development of (indoor/outdoor) Location-Based Services (LBSs) for improving users’ daily life and works. More specifically, a high number of stakeholders are exploiting such systems for providing commercial solutions, selling products, tracking facilities, social apps, and services. Most of the previously cited systems are supposed to acquire and store personal data such as IP address, the user’s localization and the history of locations visited as well as a timestamp of such visits. As a result, the final users disseminate kinds of digital crumbs that might potentially disclose sensitive information without being aware of the actual risk. Beyond Snowden [9] and the recent adoption in May 2018 of the General Data Protection Regulation (GDPR) [7], people sensitiveness about personal privacy, fortunately, has been increasing. However, in the context of Indoor Localization Systems (ILSs), there is still the missing of a standardized reference architecture that takes care of the security and privacy enforcement. In this paper, we describe a novel LBS architecture in line with the GDPR provisions, i.e., able to strengthen the rights of individuals over their personal data and to make organizations more accountable regarding the regulation. The c Springer Nature Switzerland AG 2020  M. Shepperd et al. (Eds.): QUATIC 2020, CCIS 1266, pp. 358–366, 2020. https://doi.org/10.1007/978-3-030-58793-2_29

A Privacy-By-Design Architecture for Indoor Localization Systems

359

provided solution relies on the innovative idea of integrating a GDPR-based Access Control (AC) system inside the localization architecture. We argue that the AC represents a promising technique for developing adequate and finegrained mechanisms taking into account legal requirements, such as the data usage purpose, the management of the user’s consents as well as enforcing the data retention period [4,17,18]. Thus, the main contribution of this paper is to schematize an Indoor Localization System (ILS) reference architecture. We define the purposes of the data management, the management of the user’s consents, and the rights related to privacy and data protection correctly enforced so as to guarantee the privacy-by-design GDPR compliance. To the best of our knowledge, our solution is the first proposal that integrates three key

Recommend Documents

System Architecture with Respect to Indoor Localization

197 117 6MB

Indoor Localization

179 6 3MB

QoS in Indoor Localization

183 42 49MB

Wireless Indoor Localization A Crowdsourcing Approach

163 29 9MB

RSSI Fingerprinting Techniques for Indoor Localization Datasets

178 59 114MB

QoS in Wireless Indoor Localization

204 61 49MB

Towards Attack-Resistant Peer-Assisted Indoor Localization

162 45 18MB

Reducing Search Area in Indoor Localization Applications

176 49 2MB

An Improved PDR/WiFi Integration Method for Indoor Pedestrian Localization

230 76 103MB

A Comparative Study of Localization Methods in Indoor Environments

164 66 801KB

Voice Interaction with Artworks via Indoor Localization: A Vocal Museum

169 47 82MB

Indoor Location Determination Systems

228 7 239KB