ABSTRACT

Informed consent is an essential element of data protection for information and communication technology (ICT) systems, as the consent of a data subject (e.g., the citizen) is often necessary for a third party to legitimately process personal data. To provide informed consent regarding the use of personal data, the citizen must have a clear understanding of how his/her personal data will be used by ICT applications. This may not be an easy task, especially for a citizen with a limited understanding of the complexities of ICT systems, as End User License Agreements (EULAs) are often either too complex or too generic to be easily understood. This issue is likely to become more critical in the Internet of Things (IoT), where the collection of personal data can happen in various ways that are often not evident to the user. There is a need to define new models of informed consent that (a) address the different capabilities and features of the user of IoT systems and applications and (b) make the provision of informed consent easier. In this chapter, we describe an approach to informed consent founded on a policy-based framework. In this framework, policies that are better suited to the complexities of IoT, and that can be refined on the basis of the specific features of the user or categories of users, can be used to implement EULAs or more sophisticated forms of informed consent.