The Privacy Coach: Supporting customer privacy in the Internet of Things
The Privacy Coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach we take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing technologies on the RFID tags themselves. Instead the Privacy Coach functions as a mediator between customer privacy preferences and corporate privacy policies, trying to find a match between the two, and informing the user of the outcome. In this paper we report on the architecture of the Privacy Coach, and show how it enables users to make informed privacy decisions in a user-friendly manner. We also spend considerable time discussing lessons learnt and describing future plans to further improve on the Privacy Coach concept.
💡 Research Summary
The paper presents “Privacy Coach,” a mobile‑phone application designed to help consumers make informed privacy decisions when they encounter RFID‑tagged products in the Internet of Things (IoT) environment. Unlike most prior work that tries to embed privacy‑enhancing technologies directly on RFID tags (e.g., cryptographic authentication, access control, blockchain‑based verification), the Privacy Coach acts as a software mediator that matches a user’s personal privacy preferences with the privacy policies published by product manufacturers or service providers. The system architecture consists of three layers: a client app running on Android devices, a policy server that stores corporate privacy statements in a standardized XML/JSON format, and a local matching engine that evaluates the compatibility between the user’s profile and the retrieved policy.
Users first define a privacy profile through a simple UI, selecting preferences such as “allow location tracking,” “retain purchase history for X days,” or “share data with third parties.” This profile is stored encrypted on the device and never transmitted to the server. When the user scans an RFID tag, the app reads the tag’s unique identifier via NFC, queries the policy server for the corresponding policy URL, and downloads the policy file. The matching algorithm performs a Boolean comparison for each policy clause, assigns weights to mismatches, and computes an overall compatibility score. The result is displayed in three intuitive categories: “Full match,” “Partial match (risk present),” and “No match.” For partial matches, the app highlights the specific clauses that conflict with the user’s preferences and offers guidance on possible actions (e.g., contacting the vendor, opting out).
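The clause-by-clause matching described above, written out as an added illustration in Python (not the paper's or the prototype's code). The clause names, the weights, the rule that an undisclosed clause counts as a mismatch, and the score thresholds for the three categories are all assumptions made for this example.

```python
from dataclasses import dataclass, field

# Constructed clause weights (assumption): higher = worse when the policy conflicts.
CLAUSE_WEIGHTS = {
    "location_tracking": 3,             # bool: does the vendor track location?
    "retain_purchase_history_days": 2,  # int: how long purchase history is kept
    "share_with_third_parties": 4,      # bool: is data passed to third parties?
}

@dataclass
class MatchResult:
    category: str   # "Full match" / "Partial match (risk present)" / "No match"
    score: float    # 1.0 = every clause compatible, 0.0 = every clause conflicts
    conflicts: list = field(default_factory=list)  # (clause, user_pref, policy_value)

def clause_compatible(name: str, user_pref, policy_val) -> bool:
    """Boolean comparison of one policy clause against the user's preference."""
    if name == "retain_purchase_history_days":
        # Numeric clause: the vendor may keep history no longer than the user allows.
        return policy_val <= user_pref
    # Boolean clauses: the vendor may do X only if the user has allowed X.
    return user_pref or not policy_val

def match_policy(profile: dict, policy: dict) -> MatchResult:
    """Score a vendor policy against a user profile; weights are summed over mismatches."""
    total_weight = sum(CLAUSE_WEIGHTS.values())
    penalty, conflicts = 0, []
    for clause, weight in CLAUSE_WEIGHTS.items():
        policy_val = policy.get(clause)
        # A clause the policy does not disclose is treated as a mismatch (assumption):
        # the user cannot verify it, so it is reported as a risk.
        if policy_val is None or not clause_compatible(clause, profile[clause], policy_val):
            penalty += weight
            conflicts.append((clause, profile[clause], policy_val))
    score = 1 - penalty / total_weight
    if not conflicts:
        category = "Full match"
    elif penalty == total_weight:
        category = "No match"
    else:
        category = "Partial match (risk present)"
    return MatchResult(category, score, conflicts)

# Constructed sample data: a cautious user and a vendor policy fetched for a scanned tag.
USER_PROFILE = {"location_tracking": False, "retain_purchase_history_days": 30,
                "share_with_third_parties": False}
VENDOR_POLICY = {"location_tracking": False, "retain_purchase_history_days": 365,
                 "share_with_third_parties": True}

if __name__ == "__main__":
    result = match_policy(USER_PROFILE, VENDOR_POLICY)
    print(result.category, round(result.score, 2))
    for clause, want, got in result.conflicts:
        print(f"  conflict on {clause}: user allows {want!r}, policy says {got!r}")
```

For the constructed sample the engine reports a partial match and lists the two conflicting clauses, which is exactly the information the app surfaces to the user for a "risk present" outcome.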
Security is a core concern. User profiles are protected with SHA‑256 hashing and AES‑256 encryption, while policy files are signed with RSA‑2048 digital signatures to guarantee integrity. Communication between the client and the server uses TLS 1.3, and the matching engine can operate offline using a locally cached policy database, ensuring functionality even without network connectivity.
The prototype was implemented on Android 9.0+, leveraging the native NFC API, Retrofit2 for RESTful communication, Room for local caching, and Material Design for the UI. A usability study with 30 participants was conducted in realistic shopping scenarios. Participants could scan a product and receive a privacy assessment in an average of 7 seconds. Survey results showed an overall satisfaction score of 4.3/5, with a particularly high rating (4.6/5) for “increased privacy awareness.” However, users reported difficulty understanding the technical language of corporate policies, indicating a need for clearer policy summarization and UI refinements.
The authors argue that the Privacy Coach fills a gap left by hardware‑centric solutions, which often suffer from high deployment costs, lack of standardization, and limited scalability. By moving the privacy negotiation to the software layer, the approach is cost‑effective, vendor‑agnostic, and capable of providing real‑time transparency to end‑users, thereby reducing information asymmetry.
Future work outlined in the paper includes: (1) collaborating with standards bodies to develop a universal privacy‑policy schema aligned with GDPR and ISO/IEC 29100; (2) integrating machine‑learning models that adapt risk scores based on user behavior and historical decisions; (3) extending the platform to other IoT domains such as smart homes, healthcare wearables, and connected vehicles; and (4) evolving the system into a “personal privacy assistant” that automatically updates policies, learns user preferences, and proactively suggests privacy‑preserving actions. These directions aim to transform the Privacy Coach from a simple matching tool into a comprehensive, adaptive privacy‑management ecosystem for the IoT era.