Data privacy, security and trust in "consumer internet of things" assemblages and associated mobile applications in South Africa

Abstract

The Internet of Things (IoT) brings with it opportunities and challenges. IoT technology makes it possible to connect all of a person’s devices to create a smart eco-system or assemblage. Various stakeholders share personal data with companies in the consumer IoT space for marketing, tracking and assessment of the IoT products. In a world where cybercriminals have increased enormously, people need to be aware of the advantages, and the risks that come with these technological advances. The purpose of this study was to explore the data privacy, security and trust issues faced by consumers of IoT in South Africa, to propose an integrated and holistic framework that promotes safer adoption of consumer Internet of Things (CIoT). The researcher explained the difference between Industrial IoT (IIoT) and consumer CIoT in the study and focused the research on the latter. This study utilized a qualitative narrative inquiry and Delphi technique to explore the challenges that come with CIoT assemblages and associated mobile applications in South Africa. The researcher’s original contribution was to develop a holistic framework that all stakeholders may use to protect consumers of IoT. The proposed framework addresses the challenges of CIoT from a legal, technical and social context viewpoint. The study looked at legal instruments around the world and compared them to the South African existing legal instruments. The researcher established that South Africa has various pieces of legislation such as the Protection of Personal Information Act 4 of 2013, the Consumer Protection Act 68 of 2008, the Electronic Communications Act 36 of 2005, and the Electronic Communications and Transactions Act 25 of 2002, that law enforcers may use to deal with the challenges IoT. However, the researcher ascertained that these laws do not necessarily address IoT specifically as they are; in fact, they are either outdated or fragmented. In addition to the background literature, the research sought expert opinions to address the technical viewpoints of the CIoT assemblage. The technical approach looked at the existing technologies, design and development considerations, and the overall architecture of CIoT. The researcher generated theme and sub-themes using thematic analysis. There main themes were regarding regulatory frameworks, privacy of personal information, security concerns, trust issues, and convenience and benefits. The study further established that consumers enjoy the convenience and benefits that IoT technology brings. The study suggested an integrated and holistic framework that promote safer adoption of CIoT and associated mobile apps. The conclusion is that for CIoT to thrive, safety is crucial, and all the stakeholders in the IoT assemblage need to ensure the protection of consumers. The suggested framework may assist in the protection of consumers of IoT. The researcher recommends a further study that covers the regulators such as ICASA in detail and the enforcement of the POPI Act.