The University of Sheffield, Sheffield, UK.
Department of Economics, University of Foggia, Foggia, Italy.
Risk Anal. 2022 Aug;42(8):1784-1805. doi: 10.1111/risa.13661. Epub 2020 Dec 27.
Internet of things (IoT) business partnership are formed by technological partners and traditional manufacturers. IoT sensors and devices capture data from manufacturers' products. Data enforce product/service innovation thanks to data sharing among companies. However, data sharing among firms increases the risk of data breaches. The latter is due to two phenomena: information linkage and privacy interdependency. Data Protection Authorities (DPA) protect data users' rights and fine firms if there is an infringement of privacy laws. DPA sanction the responsible for the infringement of privacy laws. We present two different business scenarios: the first occurs when each firm is a data owner; the second occurs when only the manufacturer is the data owner. For both scenarios, we present two fair penalty schemes that suggest the following: total amount of the fine; and how to share the fine among participants. Penalties critically vary at how innovation networks are structured in IoT industries. Our penalties provide incentives to data sharing since they redistribute firms' responsibility against data breaches. Our penalties may mitigate the risk on the manufacturer if is the unique responsible for data handling.
物联网 (IoT) 业务伙伴关系由技术合作伙伴和传统制造商组成。IoT 传感器和设备从制造商的产品中捕获数据。由于公司之间的数据共享,数据推动了产品/服务创新。然而,公司之间的数据共享增加了数据泄露的风险。后者归因于两个现象:信息链接和隐私相互依存。数据保护机构 (DPA) 保护数据用户的权利,并在违反隐私法时对公司进行罚款。DPA 制裁违反隐私法的责任人。我们提出了两种不同的业务场景:第一种情况是每家公司都是数据所有者;第二种情况是只有制造商是数据所有者。对于这两种情况,我们提出了两种公平的罚款方案,建议如下:罚款总额;以及如何在参与者之间分配罚款。在物联网行业中,创新网络的结构如何对罚款产生重大影响。我们的罚款通过重新分配公司对数据泄露的责任,为数据共享提供了激励。如果制造商是唯一负责处理数据的人,我们的罚款可能会减轻制造商的风险。
