IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law

1. “EU to modernise law on consumer protection, available at: https://www.consilium.europa.eu/en/press/press-releases/2019/03/29/eu-tomodernise-law-on-consumer-protection/ (15 December 2019)Search in Google Scholar

2. Ablondi, W. (2018), 2018 Global Smart Home Forecast, Strategy Analytics, San Francisco.Search in Google Scholar

3. APATOR. (2019), “JS SMART+ - Vane-wheel single-jet dry water meters (DN15-20), available at: http://www.apator.com/en/offer/water-and-heat-metering/water-meters/vane-wheel-water-meters-to-r100/js-smart-dn15-20 (8 December 2019)Search in Google Scholar

4. Apiumhub (2018), “IoT security issues and risks”, available at: https://apiumhub.com/tech-blog-barcelona/iot-security-issues/ (23 February 2019)Search in Google Scholar

5. Balamurugan S., Ayyasamyio A., Suresh Joseph K., (2018), “A Review on Privacy and Security Challenges in the Internet of Things (IoT) to protect the Device and Communications Networks”, International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 6, 58-62Search in Google Scholar

6. Bastos, D., Giubilo, F., Shackleton, M., El-Moussa, F. (2018), “GDPR privacy implications for the Internet of Things”, in 4th Annual IoT Security Foundation Conference, 4 December, IoT Security Foundation, London, pp. 1-8.Search in Google Scholar

7. Bhattacharjya, A., Zhong, X., Wang, J., Li, X. (2018), “Secure IoT structural design for smart homes”, in Rawat, D. B., Zrar, K., (Eds.), Smart Cities Cybersecurity and Privacy, Elsevier, Amsterdam, pp. 187-201.Search in Google Scholar

8. Borelli, D., Xie, N., Neo, E. K. T., “The Internet of Things: Is it just about GDPR?”, https://www.pwc.co.uk/issues/data-protection/insights/the-internet-of-things-is-it-just-about-gdpr.html (14 December 2019)Search in Google Scholar

9. Bu-Pasha, S. (2020), “The controller’s role in determining ‘high risk’ and data protection impact assessment (DPIA) in developing digital smart city”, Information & Communications Technology Law, Vol. 29 No. 3, pp. 391-402.10.1080/13600834.2020.1790092Search in Google Scholar

10. Carey, P. (2018), Data Protection, Oxford University Press, Oxford.Search in Google Scholar

11. Columbus, L. (2018), “IoT market predicted to double by 2021, reaching $520B”, available at: https://www.forbes.com/sites/louiscolumbus/2018/08/16/iot-market-predicted-to-double-by-2021-reaching-520b/#5b35472d1f94 (22 February 2019).Search in Google Scholar

12. Council of the European Union. (2019), “Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Council Directive 93/13/EEC of 5 April 1993, Directive 98/6/EC of the European Parliament and of the Council, Directive 2005/29/EC of the European Parliament and of the Council and Directive 2011/83/EU of the European Parliament and of the Council as regards better enforcement and modernisation of EU consumer protection rules”, available at: https://www.consilium.europa.eu/media/38907/st08021-en19.pdf (15 December 2019)Search in Google Scholar

13. Denning, T., Kohno, T., Levy, H. M., (2013), “Computer security and the modern home”, Communications of the ACM, Vol. 56 No. 1, pp. 94-103.10.1145/2398356.2398377Search in Google Scholar

14. Determining what is personal data (2012), v1.1, 12.12.2012, ico. Information Commissioner's Office, available at: https://ico.org.uk/media/fororganisations/documents/1554/determining-what-is-personal-data.pdf (15 December 2019)Search in Google Scholar

15. Dunlap, T. (2017), “The 5 worst examples of IoT hacking and vulnerabilities in recorded history”, available at: https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities/ (25 May 2020)Search in Google Scholar

16. Edwards, L. (2016), “Privacy, security and data protection in smart cities: A critical EU law perspective”, European Data Protection Law Review, Vol. 2 No. 1, pp. 28-58.10.21552/EDPL/2016/1/6Search in Google Scholar

17. ENISA Advisory Group. (2019), “Opinion consumers and IoT security”, available at: https://www.enisa.europa.eu/about-enisa/structure-organization/advisory-group/ag-publications/final-opinion-enisa-ag-consumer-iot-perspective-09.2019 (30 September 2020)Search in Google Scholar

18. European Commission (2016b), “Directive (EU) 2016/1148 of the European parliament and of the council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union”, available at http://data.europa.eu/eli/dir/2016/1148/oj (27. September 2020)Search in Google Scholar

19. European Commission. (2014), “Commission recommendation of 10 October 2014 on the data protection impact assessment template for smart grid and smart metering systems (2014/724/EU)”, available at: http://data.europa.eu/eli/reco/2014/724/oj (27. September 2020)Search in Google Scholar

20. European Commission. (2016a), “Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, available at: http://data.europa.eu/eli/reg/2016/679/oj 27. September 2020)Search in Google Scholar

21. Furey, E., Blue, J. (2019), “Can i trust her? Intelligent personal assistants and GDPR,” in 2019 International Symposium on Networks, Computers and Communications, , 18-20 June, IEEE, Istanbul pp. 1-6.Search in Google Scholar

22. Geneiatakis, D., Kounelis, I., Neisse, R., Nai-Fovino, I., Steri, G., Baldini, G. (2017), “Security and privacy issues for an IoT based smart home”, in 40th International Convention on Information and Communication Technology, Electronics and Microelectronics, 22-26 May, IEEE, Opatija, pp. 1292-1297.10.23919/MIPRO.2017.7973622Search in Google Scholar

23. Goulden, M. (2019), “‘Delete the family’: Platform families and the colonisation of the smart home”, Information, Communication & Society. doi: 10.1080/1369118X.2019.1668454Open DOISearch in Google Scholar

24. Hrvatski Sabor. (2018a), “Zakon o kibernetičkoj sigurnosti operatera ključnih usluga i davatelja digitalnih usluga” (Act on Cybersecurity of Essential Service Operators and Digital Service Providers), Official Gazette of Repubic of Croatia, 64/18.Search in Google Scholar

25. Hrvatski Sabor. (2018b), “Zakon o zaštiti potrošača” (Customer Protection Act), Official Gazette of Repubic of Croatia, No. 41/14, 110/15, 14/19.Search in Google Scholar

26. Hrvatski Sabor. (2018c), “Uredba o kibernetičkoj sigurnosti operatera ključnih usluga i davatelja digitalnih usluga” (Regulation on Cybersecurity of Essential Service Operators and Digital Service Providers), Official Gazette of Repubic of Croatia, 68/18.Search in Google Scholar

27. Iskraemeco. (2019), Manufacturer web page, available at: https://www.iskraemeco.hr/AM550.pdf (28 September 2020)Search in Google Scholar

28. James M., Chui, M., Bisson, P., Woetzel, J., Dobbs, R., Bughin, J., Aharon, D. (2015), “The Internet of Things: Mapping the value beyond the hype”, McKinsey Global Institute, available at: https://www.mckinsey.com/~/media/McKinsey/Industries/Technology%20Media%20and%20Telecommunications/High%20Tech/Our%20Insights/The%20Internet%20of%20Things%20The%20value%20of%20digitizing%20the%20physical%20world/Unlocking_the_potential_of_the_Internet_of_Things_Executive_summary.ashx (26 May 2020)Search in Google Scholar

29. Jurcut, A., Niculcea, T., Ranaweera, P., & LeKhac, A. (2020), “Security considerations for Internet of Things: A survey”. SN Computer Science, Vol. 1, Article 193.10.1007/s42979-020-00201-3Search in Google Scholar

30. Kačer, H., Ivančić-Kačer, B. (2017), “O rješavanju antinomija i pravnih praznina (posebno) na primjeru odnosa Zakona o sportu i Zakona o obveznim odnosima” (Resolving antinomies and in particular legal gaps in the example of relations between sports act and obligatory relations act), Zbornik radova Pravnog fakulteta u Splitu, Vol. 54 No. 2, pp. 397-414.10.31141/zrpfs.2017.54.124.397Search in Google Scholar

31. Lin, H., Bergmann, N. (2016), “IoT privacy and security challenges for smart home environments”, Information Vol. 7 No. 3, pp. Article 44.Search in Google Scholar

32. Narendra, M. (2019), “Research reveals the most vulnerable IoT devices”, available at: https://gdpr.report/news/2019/06/12/research-reveals-the-most-vulnerable-iot-devices/ (11 May 2020)Search in Google Scholar

33. Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G., Ghani, N. (2019), “Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations”, IEEE Communications Surveys & Tutorials, Vol. 21 No. 3, pp. 2702-2733.10.1109/COMST.2019.2910750Search in Google Scholar

34. Open Rights Group. (2019), “Privacy policies for Internet of Things devices must comply with GDPR”, available at: https://www.gdprtoday.org/privacy-policies-for-internet-of-things-devices-must-comply-with-gdpr/ (14 December 2019)Search in Google Scholar

35. Pascu, L. (2018), “The IoT threat landscape and top smart home vulnerabilities in 2018”, Bitdefender, available at: https://www.bitdefender.com/files/News/CaseStudies/study/229/Bitdefender-Whitepaper-The-IoT-Threat-Landscape-and-Top-Smart-Home-Vulnerabilities-in-2018.pdf (22 February 2019)Search in Google Scholar

36. Rose, K., Elridge, S., Chapin, L. (2015), “The Internet of Things: An overview, understanding the issues and challenges of a more connected world”, available at: https://www.internetsociety.org/wp-content/uploads/2017/08/ISOC-IoT-Overview-20151221-en.pdf (26 May 2020)Search in Google Scholar

37. Skarmeta, A., Hernández-Ramos, J., Martinez, A. (2019), “User-centric privacy”, in Ziegler, S. (Ed.), Internet of Things Security and Data Protection, Springer, Basel, pp. 191-210.10.1007/978-3-030-04984-3_13Search in Google Scholar

38. Sullivan, C. (2019), “EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era”, Computer Law & Security Review, Vol. 35 No. 4, pp. 380-397.10.1016/j.clsr.2019.05.004Search in Google Scholar

39. Tzafestas, S. G. (2018), “The Internet of Things: A conceptual guided tour”, European Journal of Advances in Engineering and Technology, Vol. 5 No. 10, pp. 745-767.Search in Google Scholar

40. Vodoservis Mate. (2019), “Ugradnja vodomjera na daljinsko očitavanje” (Installing remote reading water meter), available at: http://www.vodoservis-mate.com/s/ugradnja-vodomjera-na-daljinsko-ocitavanje/7 (8 December 2019)Search in Google Scholar

41. Vongsingthong S., Smanchat, S. (2015), “Review of data management in Internet of Things”, Asia-Pacific Journal of Science and Technology, Vol. 20 No. 2, pp. 215-240.Search in Google Scholar

42. Wachter, S. (2018b), “The GDPR and the Internet of Things: A three-step transparency model”, Law, Innovation and Technology, Vol. 10 No. 2, pp. 266-294.10.1080/17579961.2018.1527479Search in Google Scholar

43. Wachter, S. (201a), “Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR”, Computer Law & Security Review Vol. 34 No. 3, pp. 436-449.10.1016/j.clsr.2018.02.002Search in Google Scholar

44. Wallace, B. (2018), “A look at the security risks of IoT Devices”, available at: https://hackernoon.com/a-look-at-the-security-risks-of-iot-devices-f0d6ffe1441d (22 May 2020)Search in Google Scholar

45. Yang, L., Noe, E., Eliot, N. (2019), “Privacy and Security aspects of e-government in smart cities”, in Rawat, D. B., Ghafoor, K. Z. (Eds.), Smart Cities Cybersecurity and Privacy, Elsevier, Amsterdam, pp. 89-102.10.1016/B978-0-12-815032-0.00007-XSearch in Google Scholar