Date of Award

Spring 3-2021

Document Type


Degree Name

Doctor of Science in Information Systems


Business and Information Systems

First Advisor

Yong Wang

Second Advisor

Kevin Streff

Third Advisor

David Bishop

Fourth Advisor

Renae Spohn

Fifth Advisor

Mary Francis


The Internet of Things (IoT) is an environment of connected physical devices and objects that communicate amongst themselves over the internet. The IoT is based on the notion of always-connected customers, which allows businesses to collect large volumes of customer data to give them a competitive edge. Most of the data collected by these IoT devices include personal information, preferences, and behaviors. However, constant connectivity and sharing of data create security and privacy concerns. Laws and regulations like the General Data Protection Regulation (GDPR) of 2016 ensure that customers are protected by providing privacy and security guidelines to businesses. Data subjects (users) should be informed on what information is being collected about them and if they consent or not. This dissertation proposes a consent framework that consists of data collection, consent collection, consent management, consent enforcement, and consent auditing. In the framework, there are GDPR requirements embedded in different components of the framework. The consent framework can help organizations to be GDPR consent compliant. In our evaluation of the solution, the results show that our solution has coverage over GDPR consent based on our use case. Our main contributions are the consent framework, consent manager, and the consent auditing tool.