Legal and Security Issues of Data Processing when Implementing IoT Solutions in Apartments

Sammanfattning: The concept of the Internet of Things (IoT) and connected devices is a growing trend. New ways to integrate them with Smart Home Technology emerge each day. The use of sensors in IoT solutions enables large scale data collection that can be used in various ways. The European Union recently enforced a General Data Protection Regulation (GDPR) that sets guidelines for the collection and processing of personal information. The communication protocol M-Bus is a European standard (EN 13757-x) mainly used for remote reading of electrical, gas and water meters. M-Bus is being integrated with sensors because the protocol offers long battery times. There are however some known flaws with the protocol that might make it unsuitable for a large scale data collection system. A conceptualized data collection scenario with a system utilizing M- Bus is presented. The authors aim to investigate some of the security flaws with the M-Bus protocol, while also investigating the GDPR demands of the system. The thesis supplements a System Requirement Specification (SyRS) which can be used as a template for organizations implementing a similar system. An analysis of the system based on the SyRS is conducted to identify any shortcomings. Modifications to the system are proposed in order to comply with the defined SyRS. The authors concluded that M-Bus is a sufficiently reliable protocol to be used in the system, and has no inherent conflicts with GDPR. The system has a few flaws in terms of GDPR compliance, which require both administrative and technical work to comply with. The suggested modifications of the system are mainly focused on how the data is stored in various parts of it.