IoT Trustworthiness is a Journey and NOT a Project
The EU General Data Protection Directive [13] (GDPR) data privacy law came into effect on May 25th,
2018. It applies to Personal Data created and consumed within the EU jurisdictions as well as
Personal Data belonging to EU residents anywhere in the world. The law imposes a wide range
of restrictions [14] on organizations (Data Controllers [15] and Data Processors [16]) that handle personal
data. Personal data may be produced and consumed by an IoT system. Therefore, the IoT
Trustworthiness calculus must take into account the restrictions imposed by this law.
Other privacy law examples that apply within specific jurisdictions include the California
Consumer Privacy Act of 2018 (CCPA) [17] and the Personal Information Protection and Electronic
Documents Act in Canada [18].
Target State
This third state represents trustworthiness levels that exceed the Minimum requirements, based
on additional internally-defined and self-imposed drivers and objectives (business and technical):
Figure 5: Target Requirements defined internally
IOT TRUSTWORTHINESS CHARACTERISTICS
The trustworthiness of an IoT system is defined by five main characteristics: security, safety,
reliability, resilience and privacy. These characteristics have also been identified by ISO/IEC JTC
SC41 [19], NIST, the IIC IoT Vocabulary and the IIC IISF. Each characteristic will typically have its
own Current, Minimum and Target milestone states. The overall assessment of a system's
trustworthiness must be based on the aggregate assessment of each of these characteristics.
[13] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&qid=1473816357502&from=en and http://data.europa.eu/eli/reg/2016/679/oj
[14] Example: prior consent before data capture, data retention, jurisdiction where data is stored, etc.
[15] Party which determines purposes and means of the processing of personal data
[16] Party which processes personal data on behalf of the controller
[17] https://oag.ca.gov/system/files/initiatives/pdfs/17-0039%20%28Consumer%20Privacy%20V2%29.pdf
[18] https://www.priv.gc.ca/leg_c/leg_c_p_e.asp
[19] www.iec.ch/functionalsafety/
September 2018