Abstract
A privacy notice is a document/notification that is addressed to consumers, describing how their personal information will be handled. While browsing the Internet, installing an app on smartphone, setting up a smart sensor or IoT devices in personal spaces, consumers are often asked to consent to privacy notices. Ideally, the consumer is expected to read and understand the notice and give an informed consent. These notices are often lengthy and complicated, containing legal-technical jargons and ambiguous statements describing commercial use of personal data. Most people reflexively choose “I consent”, unknowingly agreeing to unfair-deceptive practices. Given the ubiquity of IoT and thus ubiquity of (personal) data collection, the reliance on notice and consent is inappropriate. In this article, we present the challenges of the notice and consent paradigm, and explore the idea of privacy-assistive solutions to enhance consumer privacy awareness and control in IoT.