Legal Aspects of Operating IoT Applications in the Fog

Data protection by design aims to reduce possible privacy harms that fog applications may cause by combining it with the data protection impact assessment (DPIA) and the data protection enhancing technologies. This chapter classifies fog/edge/Internet‐of‐Things (IoT) applications, analyzes the latest restrictions introduced by the General Data Protection Regulation (GDPR), and discusses how these legal constraints affect the design and operation of IoT applications in fog and cloud environments. The GDPR introduces the data subject's right to data portability. It provides the right to obtain from the controller those data in a structured and commonly used electronic format. Secured systems combining with the data processing principles consists of privacy by default or, with the GDPR words, data protection by default (DPbD). Basically, DPbD is related to the data minimization principle and orders to the data controller to collect the minimum possible personal data during the services.