Privacy, consent and authorization in IoT

Every potential consumer of an IoT product asks the same questions: Is it useful? Does it work? Can I trust it? IoT systems must handle personal data in a manner that benefits the consumers and, also, does not jeopardize their privacy. The keys to ensure this are consent and authorization. General Data Protection Regulation defines consent as a clear affirmative act, freely given, specific, informed and unambiguous. There are obvious challenges in implementing consent in IoT, which also have a direct impact on authorization. This talk discusses these challenges and reviews the standardization work on authorization.