The present document summarizes a number of technical measures adopted by IoT Lab to respect, preserve and protect the privacy and any personal
data of participants:
- Anonymity and pseudonym compliance: Users can register with the system using a pseudonym and remain completely anonymous.
- Limiting personal data collection: The IoT Lab platform is designed to limit and minimize any personal data collection and to maximize the anonymization of any collected data.
- Preventing remote dumping of personal data: Unlike many smartphone applications, IoT Lab is designed to prevent any hidden collection of personal data, such as users’ calendars or contact lists.
- Personal data dissociation: Email addresses and user pseudonyms are completely dissociated from the other data collected in the experiments and are stored in distinct tables of the database.
- Aggregating and anonymizing experimental data: Collected data are systematically anonymized, and researchers cannot access individual profiles, only aggregated, processed and anonymized data.
- Role-based access control: IoT Lab restricts data access to those who have proper and relevant electronic credentials.
- Intrusion detection tools: Incoming and outgoing network traffic is continuously monitored in order to identify and handle security violation attempts.
- Data transmission security: IoT Lab uses encryption standards for secure data transmission.
- Prior informed consent: The platform is designed in such a way that no data can be collected without the user’s consent.
- Full user control: The platform enables users to control and change their parameters at any time, including the sets of data that are shared.
- Collective crowd control of ethical and personal data protection rules: Users can flag any unethical experiment proposal.