Privacy-Aware Internet of Things Notices in Shared Spaces: A Survey

The balance between protecting users' privacy while providing cost-effective devices that are functional and usable is a key challenge in the burgeoning Internet of Things (IoT) industry. While in traditional desktop and mobile contexts the primary user interface is a screen, in IoT screens are rare or very small, which invalidate most of the traditional approaches. We examine how end-users interact with IoT products and how those products convey information back to the users, particularly `what is going on' with regards to their data. We focus on understanding what the breadth of IoT, privacy, and ubiquitous computing literature tells us about how individuals with average technical expertise can be notified about the privacy-related information of the spaces they inhabit in an easily understandable way. In this survey, we present a review of the various methods available to notify the end-users while taking into consideration the factors that should be involved in the notification alerts within the physical domain. We identify five main factors: (1) data type, (2) data usage, (3) data storage, (4) data retention period, and (5) notification method. The survey also includes literature discussing individuals' reactions and their potentials to provide feedback about their privacy choices as a response to the received notification. The results of this survey highlight the most effective mechanisms for providing awareness of privacy and data-use-practices in the context of IoT in shared spaces.