A legally compliant consent management platform for smart home systems.
Regulations contained in the TTDSG and DSGVO mandate that providers of smart home devices (i.e., technical devices that can be controlled by smartphone or computer) must obtain users' consent before they are authorised to process the collected data. Unlike existing consent management platforms (CMPs) used on websites or by apps, smart home devices have no user interface. Consequently, it is necessary to develop solutions that work without a direct interface on the device and instead offer an interface in an app or on a control unit.
Together with various stakeholders, we have already defined the framework conditions for consent management platforms that suit the needs of smart home providers and, at the same time, satisfy policies on data protection and data usage. Different approaches were tried out and tested, and a minimum viable product was developed based on the most promising ideas. However, in the course of this work we became aware of an additional problem. At the DSK (i.e., conference for data privacy) it was announced that new regulations on data protection classify the use of (user) IDs as a violation, unless customers and users are given the chance to consent to the use of their ID. It is mandatory for providers to keep information available on when, by whom and on which device the consent was given, at least for the duration of data processing. Although service providers may not use IDs, they need to store information concerning the consent in a traceable manner. Finding a solution to this problem is the main topic of the present project.
Goals and Results
The current project builds on the results of the previous impact innovation project of the company APOCRAT. The main aim is to turn the already available minimum viable product (MVP) into a legally compliant prototype that does not use user IDs when storing user consent. This aspect has gone unnoticed so far, but it is a relevant and crucial update for our consent management solution, as it provides a product that conforms to data protection regulations.
You want to know more? Feel free to ask!
Institute of IT Security Research
Head of Josef Ressel Center for Blockchain-Technologies and Security management
Department of Computer Science and Security
Member of the UAS Board from 2020 to 2023