TY - GEN
T1 - Legal Considerations of IoT Applications in Fog and Cloud Environments
AU - Garg, R.
AU - Varadi, Sz
AU - Kertesz, A.
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/3/19
Y1 - 2019/3/19
N2 - The Internet of Things is the latest paradigm that encompasses the potential of connecting a physical object to the Internet, and then utilizes cloud services to collect, store and process data generated by these connected devices. In order to reduce the service latency of computations, processes, and storage at further situated Cloud nodes, the Fog paradigm was born, which brings data management closer to the end user or to the edge of the network of a provider. Fog nodes can not only be geographically distributed, but also more dynamic in nature than cloud nodes, therefore it is even more difficult to ensure data protection. The operation of such complex systems, thus, raises legal issues such as who owns or processes the data, who is liable in terms of a possible security breach. In this paper we aim to discuss the latest advances of corresponding legislation in the European Union and in the United States of America that affect these technology developments. First, we investigate IoT and Fog characteristics and identify different use cases of loT-Fog-Cloud environments that will be then used to discuss possible legal issues. We conclude the paper with role mappings for the identified cases, and by proposing recommendations on how to govern data management in these complex systems to ensure data protection as mandated by current legislations across these two regions. Our investigations imply that as we broaden the scope and complexity of the managed systems, the user control of the sensed private data weakens, and the responsibility of data protection are shifting towards fog, cloud and service providers.
AB - The Internet of Things is the latest paradigm that encompasses the potential of connecting a physical object to the Internet, and then utilizes cloud services to collect, store and process data generated by these connected devices. In order to reduce the service latency of computations, processes, and storage at further situated Cloud nodes, the Fog paradigm was born, which brings data management closer to the end user or to the edge of the network of a provider. Fog nodes can not only be geographically distributed, but also more dynamic in nature than cloud nodes, therefore it is even more difficult to ensure data protection. The operation of such complex systems, thus, raises legal issues such as who owns or processes the data, who is liable in terms of a possible security breach. In this paper we aim to discuss the latest advances of corresponding legislation in the European Union and in the United States of America that affect these technology developments. First, we investigate IoT and Fog characteristics and identify different use cases of loT-Fog-Cloud environments that will be then used to discuss possible legal issues. We conclude the paper with role mappings for the identified cases, and by proposing recommendations on how to govern data management in these complex systems to ensure data protection as mandated by current legislations across these two regions. Our investigations imply that as we broaden the scope and complexity of the managed systems, the user control of the sensed private data weakens, and the responsibility of data protection are shifting towards fog, cloud and service providers.
KW - Cloud Computing
KW - Data Protection
KW - Fog Computing
KW - GDPR
KW - Internet of Things
KW - U.S. privacy Rules
UR - http://www.scopus.com/inward/record.url?scp=85063874383&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063874383&partnerID=8YFLogxK
U2 - 10.1109/EMPDP.2019.8671620
DO - 10.1109/EMPDP.2019.8671620
M3 - Conference contribution
AN - SCOPUS:85063874383
T3 - Proceedings - 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP 2019
SP - 193
EP - 198
BT - Proceedings - 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP 2019
Y2 - 13 February 2019 through 15 February 2019
ER -