William Seymour and Martin Kraemer discuss their new project ‘Informing the Future of Data Protection in Smart Homes’
Published in the 2019 Yearbook, Centre for Doctoral Training in Cyber Security. University of Oxford.
The rollout of the European General Data Protection Regulation (GDPR) has had a big impact in the cyber security world, with many organisations moving to update their practices in time for the end of May. Our DPhil projects to date have been investigating privacy and security generally applied to smart homes, but this project provides an opportunity to learn from the mistakes of the past and explore the ways in which we might design new devices that integrate data protection principles from the beginning.
Funded by the UK Information Commissioner’s Office, we will be undertaking a long term ethnographic study into how households cope with data protection when adopting new smart home technologies1 https://digiwell.web.ox.ac.uk/informing-future-smart-homes. This involves initial considerations related to purchase and setup smart devices in the home. As households become more familiar with the intricacies of their technology and its use, they will begin to form preferences; our goal is to employ insights and experiences of this work, ultimately to create new (speculative) design patterns, features, and envision interfaces which support householders throughout the process. The project also includes designers and product developers of smart home devices in this project, aiming for usable design artefacts.
Article 25 of the GDPR states that organisations should consider “data protection by design and by default” when designing devices and services. A simple example of this might be a kettle that allows users to opt out of sending analytics data in exchange for not having the kettle learn when to turn on in the morning. But for smart cameras, voice assistants, and thermostats that have more complex data collection practices (and often business models that rely on data collection), it is not always clear what form this would take. We aim to make this requirement more relatable through our ethnographic work, and we support the work of product designers and developers with new design artefacts. A more detailed overview of the project can be found in a position paper we published at the 2019 CHI Conference on Human Factors in Computing Systems2https://iotdirections.files.wordpress.com/2019/03/chi19_w35_12.pdf.
The six month ethnographic study begins in July, with 8 households taking part. Speculative design and practitioner interviews are scheduled to take place from Q4 2019 onwards. If you’d like to learn more or participate in expert focus groups and interviews, please contact firstname.lastname@example.org or email@example.com.
William’s research uses speculative design to create and prototype solutions to privacy and security problems in the smart home. Rooted in philosophy, he examines how accounts of respect, from Kant through to those of contemporary philosophers, might inform the design of future smart home devices. His main work on voice assistants uses familiar technology in unfamiliar ways to prompt learning, discussion, and self reflection on topics where traditional research approaches struggle to drive engagement.
Martin is a 3rd year DPhil student at the Department of Computer Science working on home user privacy with Ivan Flechais. He graduated with an MSc in Computer Science (distinction) from The University of Edinburgh, has previously worked as consultant with SAP and holds a BSc in Business Information Systems from Duale Hochschule Badenwurttemberg (Mannheim).
Martin’s research at Edinburgh was supervised by Prof David Aspinall and focussed on the security and privacy of eHealth devices. His work with SAP focussed on mobile solutions for enterprise processes and helped him realise that cyber security was not only one of his customers’ biggest concerns but also an incredibly interesting subject to study.