"As the IoT market becomes more focused on data, oneM2M is working on GDPR and PIPA support issues"

March 2020 - JaeSeung Song is the Vice-Chair of oneM2M's Technical Plenary (TP). He is an associate professor, leading the Software Engineering and Security group (SESlab) in the Computer and Information Security Department at Sejong University and a researcher at the Korea Electronics Technology Institute (KETI).


Q: Would you begin by talking us through your research interests and work within oneM2M

JS. My research interests cover several areas, including software engineering, smart cities and vehicle-to-everything communications. I focus on design and engineering issues. This includes creating reliable Internet of Things (IoT)/M2M service layer platforms, particularly in the context of semantic IoT data interoperability, secure software patch techniques and machine learning.

In addition to holding the position of TP Vice Chair, I also Chair a local oneM2M mirror group for Korea's Telecommunications Technology Association (TTA). TTA is a founding partner of oneM2M, and my role is to provide a visionary direction for IoT service layer platforms, both to the oneM2M group and to the Korean oneM2M members.

Q: Would you help our readers to understand what you mean by the IoT market focusing more on data?

JS. The early challenges in the IoT market were all about connecting applications and devices and, creating a standards-based framework to do this consistently. We have now reached a point where there is a lot of IoT data. Several cities are using oneM2M and we hear about the need for better tools to manage data semantically. These are the same kinds of issues we see with conventional Internet traffic and through research studies on topics such as Linked Data that provide mechanisms for meshing disparate and heterogeneous data.

When we consider near term issues, there are other aspects to the issue of data in IoT and smart city applications. One of these relates to data protection related regulations such as the EU's General Data Protection Regulation (GDPR) and South Korea's Personal Data Protection Laws (PIPA).

 Q: How is oneM2M getting involved with data protection related regulations?

JS. Over the past few months, oneM2M has run a study on the topic of enhancing oneM2M systems to support data protection related regulations around the world. In fact, many countries have data privacy regulations in place for protecting any kind of information that can be used to identify an individual. Such regulations protect the processing, and movement of personal data. As systems based on the oneM2M standard are designed to collect and manage data (including personal and private data), they are heavily influenced by privacy-related regulations such as PIPA and GDPR.

The current oneM2M system supports some mechanisms required to handle private data such as pseudonymised Uniform Resource Identifiers (URIs). However, the oneM2M system needs to standardise mechanisms on data handling based on different regulations mandated by each country.

In order to cope with such issues, we presented a Technical Report (TR), TR-0062 oneM2M System Enhancement to Support Privacy Data Protection Regulations (eDPR), on this topic, covering system enhancements to support data protection regulations such as GDPR and PIPA. In fact, this study was approved at the last TP (TP43 in December 2020) under a new work item, WI-0095 - "oneM2M System Enhancements to Support Data Protection Regulations". Other members that supported the study include AT&T, BOE, Convida, Cisco, Gemalto, Huawei, Hitachi, Hyundai Motors, KETI, NEC Europe, Nokia, NTT, TIM and Qualcomm.

During the meeting, participants at the TP discussed the gaps in what oneM2M currently supports. We also looked at which features need to be introduced to help IoT platforms to comply with governments' regulations.

There will be discussions on key issues and potential solutions in the coming TPs. After performing an intensive gap analysis and developing potential solutions, oneM2M plans to publish a white paper on "Global standard-based IoT service platform to support GDPR".