Privacy-Patterns for IoT Application Developers

Designing Internet of things (IoT) applications (apps) is challenging due to the heterogeneous nature of the systems on which these apps are deployed. Personal data, often classified as sensitive, may be collected and analysed by IoT apps, where data privacy laws are expected to protect such information. Various approaches already exist to support privacy-by-design (PbD) schemes, enabling developers to take data privacy into account at the design phase of application development. However, developers are not widely adopting these approaches because of understandability and interpretation challenges. A limited number of tools currently exist to assist developers in this context -- leading to our proposal for "PARROT" (PrivAcy by design tool foR inteRnet Of Things). PARROT supports a number of techniques to enable PbD techniques to be more widely used. We present the findings of a controlled study and discuss how this privacy-preserving tool increases the ability of IoT developers to apply privacy laws (such as GDPR) and privacy patterns. Our students demonstrate that the PARROT prototype tool increases the awareness of privacy requirements in design and increases the likelihood of the subsequent design to be more cognisant of data privacy requirements.