The Privacy Backplane Project

exploring a legal-technical framework for individualized privacy policies in IoT environments



Ubiquitous sensing in human spaces is rapidly becoming a fact of life. Large collections of IoT devices feed a vast sensing infrastructure that records and analyzes personal and private information. Maintaining privacy in the future without hamstringing the utility of IoT-derived data is a key practical and research challenge. In contrast to one-size-fits-all legal privacy frameworks like GDPR and CCPA, we envision a new legal-technical framework called the Privacy Backplane that enables individuals to specify and control the policies governing how information gathered about them is accessed, used, and stored. The legal framework mandates that IoT environments negotiate clear policies with individuals about how data collected by IoT devices about them can be used, and then enforces those policies. The technical framework implements such negotiation and enforcement, and certifies that the policies are followed. In effect, this can be viewed as the inverse of classic DRM: individuals are the content producers, and have knowledge of and control over the policies applied to their information.




Graduate Students#



NSF logo