Report 1: Existing Regulations on Data Privacy, Ethics, and Security


Literature and market study of existing regulations and approaches regarding data privacy, ethics, and security, including GDPR constraints

This report is a deliverable from Work Package 4 (WP4) in the B4B project. The work package deals with data integration in smart buildings and addresses data connectivity between the software applications used in smart meters, building management systems, and IoT devices along with the aspects of data security, open data standardization, information privacy and ethics.

The result from WP4 as presented in this report contributes to the development of a standardized approach for guaranteeing privacy and ethics when collecting, storing, integrating, sharing, managing, or utilizing data in smart buildings (Result 7 in the B4B).

This result also supports the other results from WP4, i.e., systemic data integration solutions (Result 8) and a methodology for transforming existing buildings aligned with the Smart Readiness Indicators (SRI) (Result 9).

This report provides an overview of existing regulations, approaches and constraints related to data security, privacy and ethics in the context of smart buildings. It presents the findings from:
– literature study/desk research performed by TNO, NEN and TU Eindhoven;
– interviews with real estate owners and facility managers into the needs and constraints to collect and manage person-related data for their buildings or facilities; and
– current measures for data management as implemented by the system, platform, and software providers for smart buildings.

This report examines the data ethics and management protocols in relation to the common procedures for data ownership and the General Data Protection Regulation (GDPR), which is implemented EU-wide. Regarding the data management measures as implemented by the system, platform and software providers, this report examines the accessibility (including authentication and authorisation) and the security protocols to prevent data leaks and privacy breaches.

In conclusion, the areas where B4B might be concerned with person-related data are: 1) registering the occupancy of the buildings in relation to optimization of energy consumption and maintenance; and 2) understanding the end-users’ behaviour in relation to customizing the comfort and indoor environmental quality in relation to energy performance.

In both areas, B4B does not necessarily process personal data; however, relevant measures related to privacy, ethics and security are still important, especially with regard to: a) assuring compliance with the General Data Protection Regulation (GDPR) through Privacy-Aware Smart Buildings measures; and b) assuring data security at the Building Management Systems (BMS), the on-premise and off-premise (cloud) data platforms, and the IoT devices, including the end-users’ mobile devices and wearables, in order to mitigate the risks of theft and misuse of (personal) data, system breaches and

This report gives input for the follow-up research to develop a standardised method for verifying the compliance of the data integration solutions proposed in the B4B project. This method will contribute to strengthening the confidence of end-users and widening market acceptance of the project results.