A mapping of IoT user-centric privacy preserving approaches to the GDPR

The vast amount of personal data collected and shared in the Internet of Things (IoT) is causing increasing concerns regarding the user privacy in IoT. The recently introduced General Data Protection Regulation (GDPR) aims to strengthen the user rights and sets new requirements for data handling, while calling for increased user involvement in privacy protection. The motivation for this study originates from recent work in this area, which identified the existing challenges of applying the GDPR requirements in the IoT. Based on this work, we identify basic characteristics that an IoT privacy framework should satisfy in order to enable the protection of users' privacy and personal data, while supporting the GDPR requirements. This paper provides an analysis of the state-of-the-art in the literature to get an insight on how these characteristics are addressed. Lastly, we analyse our findings and identify open issues in user privacy that require further work by the research community. (C) 2020 Elsevier B.V. All rights reserved.