Data protection and IoT. Martel at work to create a self-aware data privacy framework
In the past, when data were not leaving company premises, ensuring and monitoring privacy and security of data was easier. But in the last years, the adoption and deployment of more and more sophisticated cloud-based systems and the proliferation of IoT devices connected globally brought new challenges for the security and privacy of data. This brought up a new concept named “data sovereignty”, which promotes the control of data by the producers rather than by the platforms that host them. In this context, Martel is at work to develop a self-aware data privacy prototype that will enhance the way data is managed and protected.
In light of the increased dependency on technologies and solutions for many aspects of our everyday life, the need for effective cybersecurity mechanisms has become even more pressing. Attacks are becoming more and more sophisticated and incidents like ransomware and loss of electronic data will only proliferate with the introduction of new digital technologies (AI, 5G, etc). In this context, companies and organisations require reinforced cybersecurity mechanisms to secure the data of their users against breaches.
What is self-aware data privacy?
The model to ensure data privacy
Defining the level of privacy and security for data usually requires data owners to define a complex set of privacy and security policies. Manual efforts are notoriously time-consuming and error-prone. Automation can highly reduce the efforts required and errors committed.
For ARCADIAN-IoT, Martel’s experts aim at defining a dynamic recommendation model that by analysing data and their metadata proposes the application of policies for anonymization and encryption of data (or their attributes). The same model might be used to analyse existing policies and evaluate if they contain any potential risk for data privacy and security. The recommender model will leverage a set of human trained classifiers that will consider GDPR policies to identify sensitive data entities or attributes within data entities (e.g. IBAN), language semantics (to identify similar or related concepts) and leverage on crowdsourcing to define privacy and security classifiers for attributes/concepts that are not yet included in the classifier models. Depending on the assigned class, the recommender will either suggest encrypting or anonymizing the data entities or part of their attributes. Derived policies will be attached to data, enabling in data exchange or processing tasks the self-awareness of their privacy. Moreover, in case of the absence of defined policies for a data set, computed recommended policies may conservatively self-apply aiming to zero the exposition of private data.
“The self-aware data privacy component will enable the implementation and portability of GDPR policies in IoT systems. This is extremely important due to the proliferation of IoT devices and systems. Our self-aware data privacy prototype will be validated in the three real use-cases of the ARCADIAN-IoT project: medical IoT for monitoring of patients in active treatment, industrial control systems and digital services for emergency and vigilance and will be integrated into Martel’s Orchestra Cities IoT platform”, said Federico M. Facca, Chief Technology Officer at Martel.
ARCADIAN-IoT, the acronym for Autonomous trust, security and privacy management framework for IoT aims to develop innovative and advanced trust, security and privacy management mechanisms and technologies that can seamlessly be integrated in a variety of contexts and applications. ARCADIAN-IoT is a strong consortium of 12 partners from 8 European countries, and each has a proven track record of excellent competencies. The team includes representatives from research institutions, academia, industry and SMEs.