Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2022 Aug;42(8):1784-1805.
doi: 10.1111/risa.13661. Epub 2020 Dec 27.

Privacy Accountability and Penalties for IoT Firms

Francesco Ciardiello  1 Andrea Di Liddo  2
Affiliations

Privacy Accountability and Penalties for IoT Firms

Francesco Ciardiello et al. Risk Anal. 2022 Aug.

Abstract

Internet of things (IoT) business partnership are formed by technological partners and traditional manufacturers. IoT sensors and devices capture data from manufacturers' products. Data enforce product/service innovation thanks to data sharing among companies. However, data sharing among firms increases the risk of data breaches. The latter is due to two phenomena: information linkage and privacy interdependency. Data Protection Authorities (DPA) protect data users' rights and fine firms if there is an infringement of privacy laws. DPA sanction the responsible for the infringement of privacy laws. We present two different business scenarios: the first occurs when each firm is a data owner; the second occurs when only the manufacturer is the data owner. For both scenarios, we present two fair penalty schemes that suggest the following: total amount of the fine; and how to share the fine among participants. Penalties critically vary at how innovation networks are structured in IoT industries. Our penalties provide incentives to data sharing since they redistribute firms' responsibility against data breaches. Our penalties may mitigate the risk on the manufacturer if is the unique responsible for data handling.

Keywords: Cooperative game theory; European GDPR; data breach; data sharing; risk mitigation.

PubMed Disclaimer

References

REFERENCES

    1. Abella, A., Ortiz-de Urbina-Criado, M., & De-Pablos-Heredero, C. (2017). A model for the analysis of data-driven innovation and value generation in smart cities' ecosystems. Cities, 64, 47-53.
    1. Abu-Elkheir, M., Hayajneh, M., & Ali, N. A. (2013). Data management for the internet of things: Design primitives and solution. Sensors, 13(11), 15582-15612.
    1. Acquisti, A., John, L. K., & Loewenstein, G. (2013). What is privacy worth? Journal of Legal Studies, 42(2), 249-274.
    1. Acquisti, A., Taylor, C., & Wagman, L. (2016). The economics of privacy. Journal of Economic Literature, 54(2), 442-492.
    1. Ahrweiler, P., & Keane, M. T. (2013). Innovation networks. Mind & Society, 12(1), 73-90.

Publication types

LinkOut - more resources