Ciardiello, F. and Di Liddo, A. (2022) Privacy accountability and penalties for IoT firms. Risk Analysis: an international journal, 42 (8). pp. 1784-1805. ISSN 0272-4332
Abstract
Internet of things (IoT) business partnership are formed by technological partners and traditional manufacturers. IoT sensors and devices capture data from manufacturers' products. Data enforce product/service innovation thanks to data sharing among companies. However, data sharing among firms increases the risk of data breaches. The latter is due to two phenomena: information linkage and privacy interdependency. Data Protection Authorities (DPA) protect data users' rights and fine firms if there is an infringement of privacy laws. DPA sanction the responsible for the infringement of privacy laws. We present two different business scenarios: the first occurs when each firm is a data owner; the second occurs when only the manufacturer is the data owner. For both scenarios, we present two fair penalty schemes that suggest the following: total amount of the fine; and how to share the fine among participants. Penalties critically vary at how innovation networks are structured in IoT industries. Our penalties provide incentives to data sharing since they redistribute firms' responsibility against data breaches. Our penalties may mitigate the risk on the manufacturer if is the unique responsible for data handling.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | © 2020 Society for Risk Analysis. This is an author-produced version of a paper subsequently published in Risk Analysis. Uploaded in accordance with the publisher's self-archiving policy. |
Keywords: | Data Breach; Data Sharing; Cooperative Game Theory; Risk Mitigation; European GDPR |
Dates: |
|
Institution: | The University of Sheffield |
Academic Units: | The University of Sheffield > Faculty of Social Sciences (Sheffield) > Management School (Sheffield) |
Funding Information: | Funder Grant number BRITISH ACADEMY (THE) SG150933 |
Depositing User: | Symplectic Sheffield |
Date Deposited: | 01 Dec 2020 11:52 |
Last Modified: | 24 May 2024 16:02 |
Status: | Published |
Publisher: | Wiley |
Refereed: | Yes |
Identification Number: | 10.1111/risa.13661 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:168448 |