Abstract

Many IoT devices like sensors lack screen displays or input devices, thus making them hard to meet the consent conditions that GDPR requires. This is acting as a legal barrier for further advancement in the corresponding business field. In this paper, we designed the process for consent of personal information collection that meet the legal conditions of privacy policy. In this design, user's personal data is received in an encrypted form by data collecting server first. The encrypted personal data can be decrypted after associating with user agent based on the consent procedure of the collection of personal information. This kind of personal information collection agreement procedure in IoT system will satisfy the transparent and freely given consent requirements of GDPR.