Implementing privacy by design in an IoT-controlled insurance system
Usage-Based Insurance (UBI) is an emerging trend in the insurance industry where insurance premiums packages of vehicles are calculated by the driving behaviour of its drivers to be more personalised by employing the use of IoT technologies. However, traditional IoT systems do not give users full capabilities to authorise and/or deauthorise the collection of user data at any point in time. This creates a problem of the absence of user autonomy in IoT systems. This is problematic because law enforcing documents such as the General Data Protection Regulation (GDPR) and other documents by Engineering Institutions such as the ARM AI Manifesto states that user autonomy and user data rights must be considered when developing such systems, and if we do not start now, valuable technologies such as these will not be adopted in certain parts of the world. The project seeks to tackle this problem by testing the feasibility of a design-by privacy approach in an IoT-controlled Insurance, as well as study the effects such a system will have on the systems that are highly dependent on data. In this study, a stripped-down version of the entire IoT-Controlled Insurance was created with privacy-by-design, and the results were captured and analysed. The results prove that it is feasible, and more studies must be done to enhance the efficiency of the system when data is interrupted by the user.
Applied project submitted to the Department of Computer Science and Information Systems, Ashesi University, in partial fulfillment of Bachelor of Science degree in Computer Science, May 2021
driver behaviour, data protection, privacy