Use Case 2 · Home Monitoring Security System for Ageing People

SANTANDER

Our solution is based on the Connected Care Platform, allowing Tele-assistance operators to be able to monitor elderly homes with the aim to improve the quality of life of elderly people living alone and conduct decision-making based on rules and alerts configured upon the activity collected by different home sensors.

The Pilot is going to focus on home activity monitoring through the use of sensors such as presence sensors, bed occupancy sensor, window/door open sensor and smart plugs. This pilot has the aim to digitalise some of the current analogic-based, tele-assistance service provided by the Social Services department of the Santander City Council through a third-party operator.

The platform provides the following features:

• Connected Care Portal Platform user Management.
• Live Dashboard (alarms activated, latest activity)
• Patient/User Management (user data, device assignment, alarm assignment and custom setting, history data)
• Device Management (device info, connectivity & battery feedback)
• Alerts configuration (generic setting based on device/sensor type. Single Alert. Combined Alert)

Problem Overview:

This Use Case involves processing sensitive data such as the activity happening in a specific use’s home. Sensors to be deployed, have a lot of personal information that an attacker can use to track, for instance data generated from a motion sensor.  Therefore, data security and integrity are the main issue on the applicability and scalability of this solution.

Stakeholders:

• Ageing People: To be monitored to live independently at his/her residence with all the security about that if something happens, someone will be notified.
• Caregivers: Their relative can have a good QoL without any dependency.
• Tele-assistance providers: Digitalize current analogic systems and monitor in a secure way all the users of the platform.
• Dynnamizer (AYTOSAN): Smart city solutions to increase QoL
• IoT Providers: First to increase sales by providing their devices at a higher scale (i.e. if the UC is successful and replication occurs). Second, to increase security in their devices to differentiate from competitors, increase trustiness and become a leader on this area.

GDPR compliance:

This pilot implies the processing of personal data from participants. In order to adopt the right strategy for the protection of the rights and freedom of individuals (meaning freedom for individual to make choices and to control how and with whom they share data collected by sensors), we have conducted an evaluation of the need to conduct a Privacy Impact Assessment (DPIA) as defined by the GDPR.

The consortium has based the criteria evaluation of the need of DPIA under GDPR (General Data Protection Regulation), Article 35 that sets out three types of processing which always requires conducting a DPIA[1]. Furthermore, we analysed the Treatment list of DPIA[2] with eleven (11) criteria to be considered.

During the assessment, any criteria were considered as applicable to the current use case.

The pilot will be tested within a small group of individuals, in total 5 end users.In no case, the participant of the pilot will be prevented from exercising his right or access to a good or service. In the informed consent (that can be found within Deliverable D5.11 GDPR), it will be stated that participation is voluntary and at any time the user can exercise the right to leave without causing any kind of impact on the contracted service that he/she has with the tele-assistance company.

Furthermore, the use case validates the technology developed on M-Sec applying multiple secure mechanisms on different layers, however the use of new technologies doesn’t involve new forms of data collection and use with risk for the rights and freedoms of people. It only provides an enhancement on the security aspect.

In addition, some principles resulting from the philosophy of “privacy by design” have been adopted in coherence with the feasibility of the scenarios:

• Only the data necessary for the conduct of the experiment will be collected. Minimization controls have been applied to only process personal data that is considered as essential for conducting the pilot. Therefore, the consortium will only collect data that it is necessary for validating the project’s impact and to improve the development of the technology.
• The solution includes the integration of several secure components developed or enhanced by M-Sec to provide additional secure mechanisms and ensure personal data protection.
• A strict application of the principles of accountability and transparency to users will be adopted.

Furthermore, data protection issues with handling of personal data will be addressed by the following strategies:

• Volunteers to be enrolled will be given comprehensive information, so that they are able to autonomously decide whether they consent to participate or not.
• An informed consent will be provided showing the purposes of the research, the procedures, potential inconvenience or benefits as well as the handling of their data (protection, storage) will be explained (available on D5.11 GDPR).
• In order to make the research transparent, participants will sign this consent form before taking part in the pilots.
• The data gathered through logging, questionnaires, interviews and focus groups will be anonymised.
• Data will be stored only in anonymous form so the identities of the participants will only be known by the partners involved (SAN MUN and WLI) and will not even be communicated to the whole consortium.

More information about GDPR compliance of this Use Case, it can be found on D5.11 GDPR.

Latest developments:

Integration with multiple M-Sec components is almost finalised. Pilot is planned to start in August 2020 for a length of 3 months. Additionally, a second trial will be conducted on the last year of the  project (2021)

M-Sec Benefit:

There are a lot of benefits of using the M-Sec platform, the security of the Connected Care application can be improved in all layers. By using M-Sec, it is possible to go beyond compliance of GDPR by adding additional security measures to prevent external attacks that may lead to erroneous actions from end-users.

One of the benefits is high level of security that provides the use of the quorum blockchain. Blockchain is designed relaying on digital signatures and encryption increments the level of data security, not allowing tampering because the data stored in a Blockchain is immutable. It also reduces the thread of been hacked, as the information is distributed among all nodes in the network.

Furthermore by using SensiNact, Connected Care provides a fine granularity access control mechanism to allow only authorized people to read raw data or interact with IoT devices.

How can I join?

Contact Vanessa Clemente Nunez: vanessa.clementenunez@worldline.com