An Instrument for Measuring Privacy in IoT Environments

  • Bruno Lopes
  • Diego Roberto Gonçalves de Pontes
  • Sergio Donizetti Zorzo
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 800)


In an Internet of Things (IoT) environment some problems related to user privacy may occur because the exchange of information between devices occurs in a non-standard way. Brazilian data protection law – intended to protect personal data - must also be observed in applications implemented in the Internet of Things environment. This paper presents the IoTPC instrument, which is a tool for measuring privacy in IoT environments and is able to reflect users’ concerns with privacy. IoTPC consists of 17 items that understand users’ opinions on how some IoT devices collect, process, and make their personal information available in some specific IoT scenarios. The IoTPC tool was used in an inference model of the privacy negotiation mechanism for IoT systems. This model makes inferences based on IoTPC items and IoT scenarios using machine learning algorithms that have been trained and tested with IoTPC privacy preferences. The validation of the instrument was made by analyzing the result of a sample of 61 participants, considering the three first order dimensions (IoT requests, decision making and caution) through an exploratory factor analysis. The results of the learning process in the inference model had an accuracy of 79.20%, which indicates that IoTPC can be used in any privacy negotiation mechanism.


Information privacy Concerns about privacy Internet of Things Factor analysis Decision tree 


  1. 1.
    Aggarwal, C.C.: Data Classification: Algorithms and Applications. CRC Press, London (2014)Google Scholar
  2. 2.
    Alaba, F.A., Othman, M., Hashem, I.A.T., Alotaibi, F.: Internet of Things security: a survey. J. Netw. Comput. Appl. 88, 10–28 (2017)Google Scholar
  3. 3.
    Balte, A., Kashid, A., Patil, B.: Security issues in Internet of Things (IOT): a survey. Int. J. Advanced Res. Comput. Sci. Softw. Eng. 5(4), (2015)Google Scholar
  4. 4.
    Basilevsky, A.T.: Statistical Factor Analysis and Related Methods: Theory and Applications, vol. 418. Wiley, New York (2009)zbMATHGoogle Scholar
  5. 5.
    Buck, C., Burster, S.: App information privacy concerns. In: AMCIS – The Americas Conference on Information Systems (2017)Google Scholar
  6. 6.
    Field, A.: Discovering Statistics Using IBM SPSS Statistics: North American Edition. SAGE, London (2017)Google Scholar
  7. 7.
    Guo, K., Tang, Y., Zhang, P.: Csf: crowdsourcing semantic fusion for heterogeneous media big data in the Internet of Things. Inf. Fusion 37, 77–85 (2017)Google Scholar
  8. 8.
    Koreshoff, T.L., Robertson, T., Leong, T.W.: Internet of Things: a review of literature and products. In: Proceedings of the 25th Australian Computer-Human Interaction Conference: Augmentation, Application, Innovation, Collaboration, pp. 335–344. ACM (2013)Google Scholar
  9. 9.
    Lee, H., Kobsa, A.: Understanding user privacy in Internet of Things environments. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 407–412. IEEE (2016)Google Scholar
  10. 10.
    Lu, C.: Overview of security and privacy issues in the Internet of Things. In: Internet of Things (IoT): A vision, Architectural Elements, and Future Directions (2014)Google Scholar
  11. 11.
    Malhotra, N.K., Kim, S.S., Agarwal, J.: Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Inf. Syst. Res. 15(4), 336–355 (2004)Google Scholar
  12. 12.
    Oriwoh, E., Conrad, M.: “Things” in the Internet of Things: towards a definition. Int. J. Internet Things 4(1), 1–5 (2015)Google Scholar
  13. 13.
    Peissl, W., Friedewald, M., Burgess, J.P., Bellanova, R., Čas, J.: Introduction: surveillance, privacy and security. In: Surveillance, Privacy and Security, Routledge, pp. 1–12 (2017)Google Scholar
  14. 14.
    Pereira Couto, F.R., Zorzo, S.: Privacy negotiation mechanism in Internet of Things environments. In: AMCIS – The Americas Conference on Information Systems (2018)Google Scholar
  15. 15.
    Rokach, L., Maimon, O.: Data Mining with Decision Trees: Theory and Applications. World Scientific, New Jersey (2014)zbMATHGoogle Scholar
  16. 16.
    Smith, H.J., Milberg, S.J., Burke, S.J.: Information privacy: measuring individuals’ concerns about organizational practices. MIS Q. 20, 167–196 (1996)Google Scholar
  17. 17.
    Streiner, D.L.: Being inconsistent about consistency: when coefficient alpha does and doesn’t matter. J. Pers. Assess. 80(3), 217–222 (2003)Google Scholar
  18. 18.
    Xu, H., Gupta, S., Rosson, M.B., Carroll, J.M.: Measuring mobile users’ concerns for information privacy. In: Thirty Third International Conference on Information Systems (2012)Google Scholar
  19. 19.
    Ziegeldorf, J.H., Morchon, O.G., Wehrle, K.: Privacy in the Internet of Things: threats and challenges. Secur. Commun. Netw. 7(12), 2728–2742 (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Bruno Lopes
    • 1
  • Diego Roberto Gonçalves de Pontes
    • 1
  • Sergio Donizetti Zorzo
    • 1
  1. 1.Computer Science DepartmentFederal University of São CarlosSão CarlosBrazil

Personalised recommendations