Privacy for IoT: Informed consent management in Smart Buildings
Chehara Pathmabandu, John Grundy, Mohan Baruwal Chhetri, Zubair Baig
Future Generation Computer Systems, August 2023; 145 pp 367-383
Abstract
Smart Buildings (SBs) employ the latest IoT technologies to automate building operations and services with the objective of increasing operational efficiency, maximising occupant comfort, and minimising environmental impact. However, these smart devices – mostly cloud-based – can capture and share a variety of sensitive and private data about the occupants, exposing them to various privacy threats. Given the non-intrusive nature of these devices, individuals typically have little or no awareness of the data being collected about them. Even if they do and claim to care about their privacy, they fail to take the necessary steps to safeguard it due to the convenience offered by the IoT devices. This discrepancy between user attitude and actual behaviour is known as the ‘privacy paradox’. To address this tension between data privacy, consent and convenience, this paper proposes a novel solution for informed consent management in shared smart spaces. Our proposed Informed Consent Management Engine (ICME) (a) increases user awareness about the data being collected by the IoT devices in the SB environment, (b) provides fine-grained visibility into privacy conformance and compliance by these devices, and (c) enables informed and confident privacy decision-making, through digital nudging. This study provides a reference architecture for ICME that can be used to implement diverse end-user consent management solutions for smart buildings. A proof-of-concept prototype is also implemented to demonstrate how ICME works in a shared smart workplace. Our proposed solution is validated by conducting expert interviews with 15 highly experienced industry professionals and academic researchers to understand the strengths, limitations, and potential improvements of the proposed system.

REPRESENT: REPresentativeness of RESearch data obtained through the ‘General Informed ConsENT’
Research
Cristina Bosmani, Sonia Carboni, Caroline Samer, Christian Lovis, Thomas Perneger, Angela Huttner, Bernard Hirschel
BMC Medical Ethics, 13 February 2023; 24(10)
Open Access
Abstract
Background
We assessed potential consent bias in a cohort of > 40,000 adult patients asked by mail after hospitalization to consent to the use of past, present and future clinical and biological data in an ongoing ‘general consent’ program at a large tertiary hospital in Switzerland.
Methods
In this retrospective cohort study, all adult patients hospitalized between April 2019 and March 2020 were invited to participate to the general consent program. Demographic and clinical characteristics were extracted from patients’ electronic health records (EHR). Data of those who provided written consent (signatories) and non-responders were compared and analyzed with R studio.
Results
Of 44,819 patients approached, 10,299 (23%) signed the form. Signatories were older (median age 54 [IQR 38–72] vs. 44 years [IQR 32–60], p < .0001), more comorbid (2614/10,299 [25.4%] vs. 4912/28,676 [17.1%] with Charlson comorbidity index ≤ 4, p < .0001), and more often of Swiss nationality (6592/10,299 [64%] vs. 13,813/28,676 [48.2%], p < .0001).
Conclusions
Our results suggest that actively seeking consent creates a bias and compromises the external validity of data obtained via ‘general consent’ programs. Other options, such as opt-out consent procedures, should be further assessed.

A Comparative Data Protection Analysis of Healthcare Robots: On Informed Consent in Human-Robot Interaction
Research Article
Yueh-Hsuan Weng
Frontiers in Artificial Intelligence and Applications, 1 January 2023
Abstract
As societies across the developed world are dealing with problems associated with aging populations, a promising solution in the form robotics technologies that support elderly people in their daily healthcare has emerged. However, emerging technology are like a double-edge sword. Although healthcare robots can be used for elderly and disabled people with different levels of assistive supports, ie by monitoring their real time health for prompt interaction or by communicating with people to reduce their anxiety, they also bring with them many concerns from an ethical, legal and societal perspective. Among them, one serious issue is privacy and data protection. When healthcare robots are powered by machine learning and distributed databases, “data-driven” networked healthcare robots will be able to gather a huge amount of personal data in physical environments through their interactions with humans. There are several alternative approaches of data protection for “data-driven” networked healthcare robots, including privacy by design, de-identification of data and informed consent. In this article our focus is on the issue of informed consent in human-robot interaction. My argument is that specific conditions of intelligent robots (i.e., embodiment) will mean that the principle of informed consent cannot just be copied and applied to “data-driven” networked healthcare robots. I will make the comparison of the two types of informed consent to clarify our targeted “informed consent in human-robot interaction”. Furthermore, there is a need to discuss potential legal conflicts of this new type of informed consent when it is applied to different countries and their respective legal regimes. Hence, in this article I will conduct a comparative legal analysis of European, American and Japanese data protection law to investigate how such differences might influence the implementation of informed consent to data-driven healthcare robots.

Consent Codes: Maintaining Consent in an Ever-expanding Open Science Ecosystem
Stephanie O. M. Dyke, Kathleen Connor, Victoria Nembaware, Nchangwi S. Munung, Kathy Reinold, Giselle Kerry, Mamana Mbiyavanga, Lyndon Zass, Mauricio Moldes, Samir Das, John M. Davis, Jordi Rambla De Argila, J. Dylan Spalding, Alan C. Evans, Nicola Mulder, Jason Karamchandani
Neuroinformatics, 15 December 2022
Open Access
Abstract
We previously proposed a structure for recording consent-based data use ‘categories’ and ‘requirements’ – Consent Codes – with a view to supporting maximum use and integration of genomic research datasets, and reducing uncertainty about permissible re-use of shared data. Here we discuss clarifications and subsequent updates to the Consent Codes (v4) based on new areas of application (e.g., the neurosciences, biobanking, H3Africa), policy developments (e.g., return of research results), and further practical considerations, including developments in automated approaches to consent management.

An e-consent framework for tiered informed consent for human genomic research in the global south, implemented as a REDCap template
Database
Tsaone Tamuhla, Nicki Tiffin, Taryn Allie
BMC Medical Ethics, 24 November 2022; 23(119)
Open Access
Abstract
Research involving human participants requires their consent, and it is common practice to capture consent information on paper and store those hard copies, presenting issues such as long-term storage requirements, inefficient retrieval of consent forms for reference or future use, and the potential for transcription errors when transcribing captured informed consent. There have been calls to move to electronic capture of the consent provided by research participants (e-consent) as a way of addressing these issues. A tiered framework for e-consent was designed using the freely available features in the inbuilt REDCap e-consent module. We implemented ‘branching logic’, ‘wet signature’ and ‘auto-archiver’ features to the main informed consent and withdrawal of consent documents. The branching logic feature streamlines the consent process by making follow-up information available depending on participant response, the ‘wet signature’ feature enables a timestamped electronic signature to be appended to the e-consent documents and the ‘auto-archiver’ allows for PDF copies of the e-consent documents to be stored in the database. When designing the content layout, we provided example participant information text which can be modified as required. Emphasis was placed on the flow of information to optimise participant understanding and this was achieved by merging the consent and participant information into one document where the consent questions were asked immediately after the corresponding participant information. In addition, we have provided example text for a generic human genomic research study, which can be easily edited and modified according to specific requirements. Building informed consent protocols and forms without prior experience can be daunting, so we have provided researchers with a REDCap template that can be directly incorporated into REDCap databases. It prompts researchers about the types of consent they can request for genomics studies and assists them with suggestions for the language they might use for participant information and consent questions. The use of this tiered e-consent module can ensure the accurate and efficient electronic capture and storage of the consents given by participants in a format that can be easily queried and can thus facilitate ethical and effective onward sharing of data and samples whilst upholding individual participant preferences.

Toward Dynamic Consent for Privacy-Aware Pervasive Health and Well-being: A Scoping Review and Research Directions
Hyunsoo Lee, Uichin Lee
IEEE Pervasive Computing, 2022; pp 1-8
Abstract
Recent advances in sensor-enabled services have facilitated the use of mobile, wearable, and IoT devices; for example, an extensive range of sensor data are used to automatically track symptoms and diagnose health and well-being status of an individual (e.g., depression). As personal data are being continuously and unobtrusively sensed and collected at large scale, this raises privacy concerns in certain contexts (e.g., GPS data collection at privacy-sensitive places). Current one-off informed consent in such pervasive sensing scenarios does not offer context-awareness support that enables selective data disclosure based on a user’s needs or preferences (e.g., disabling GPS data collection when visiting hospitals). A lack of context-awareness support in informed consent would be a critical barrier to user acceptance of data-intensive pervasive computing for health and well-being. As an alternative method, we introduce the concept of “dynamic consent,” a type of informed consent that enables granular data consent and management, initially introduced in biomedical research for patient data management. We explore how this consent practice within biomedical research might inform usable privacy designs in pervasive computing by conducting a scoping review of dynamic consent literature and discussing future research directions.