Abstract
The consumer IoT is now prevalent and creates an enormous amount of fine-grained, detailed information about consumers’ everyday actions, personalities, and preferences. Such detailed information brings new and unique privacy challenges. The consumers are not aware of devices that surround them. There is a lack of transparency and absence of support for consumers to control the collection and processing of their personal and sensitive data. This paper reports on a review of state-of-the-art on privacy protection in IoT, with respect to privacy enhancing technologies (PETs) and GDPR-specific privacy principles. Drawing on a thorough analysis of 36 full papers, we identify key privacy challenges in IoT that need to be addressed to provide consumers with transparency and control over their personal data. The privacy challenges we have identified are (1) the lack of technical expertise in privacy notice comprehension, (2) the lack of transparency and control of personal data, and (3) the lack of personalized privacy recommendations.