ITU-T Recommendations

Internet of things (IoT) devices can collect many kinds of data, including personally identifiable information (PII). Because PII data are useful for different types of services, they may be shared among multiple service providers. It is better for users to manage their own data, including PII, in IoT environment based on their own intentions. As data usage in IoT environment with multiple service providers is complicated, user intentions for data usage should be accommodated flexibly. For example, if an IoT service provider provides the following functions, the user can appreciate that the service provider properly collects and controls data collected (including PII): – Users can configure their own PII preferences. These preferences include a list of data allowed to be shared with other service providers. – Collection and sharing of data are subject to controlled access based on PII preferences. Unauthorized data cannot be stored in data storage, and cannot be shared with other service providers. – Users can check history log of data sharing among service providers. Users can also check the time at which their data has been shared. Recommendation ITU-T X.1363 specifies a technical framework for PII handling in an IoT environment with single or multiple service providers.