VIRT-EU · Project

Ready-Made Ethics and Privacy Assessment Tools for IoT Product Teams

digitalPrototypeTRL 4Thin data (2/5)

Every smart device you buy — a thermostat, a fitness tracker, a doorbell camera — collects your data. But the people who design these gadgets rarely have a structured way to check whether what they're building respects people's privacy or crosses ethical lines. VIRT-EU studied how European IoT developers actually make these tough calls, then built practical self-assessment tools so product teams can spot privacy and ethical risks before they ship, not after a scandal hits. Think of it as a checklist for "are we being creepy?" built into the design process.

By the numbers

consortium partners

countries represented

total project deliverables

prototype tools and scenarios delivered

17%

industry participation ratio

The business problem

What needed solving

Companies building IoT devices and connected products face growing regulatory pressure from GDPR and rising consumer distrust around data practices. Most development teams lack structured methods to assess whether their designs respect privacy and ethics before launch — leading to costly redesigns, fines, or reputational damage after the fact.

The solution

What was built

The project built 4 prototype tools: PESIA self-assessment instruments for IoT developers, integrated ethical practice scenarios, an open-source data collection tool extension (downloadable from GitHub), and prototype tool concepts from co-creation workshops with developer communities. In total, 29 deliverables were produced.

Audience

Who needs this

IoT device manufacturers needing GDPR-compliant design processesSoftware companies building data-collecting applicationsPrivacy and compliance consultancies serving tech clientsSmart home and wearable product startupsCorporate innovation labs developing connected products

Business applications

Who can put this to work

IoT Product Development

SME

Target: Companies building connected devices or smart home products

If you are an IoT device manufacturer dealing with GDPR compliance headaches and fear of regulatory fines — this project developed the PESIA self-assessment tool that lets your development team flag privacy and ethical risks during design, before products reach market. The open-source prototype is downloadable from GitHub, and the methodology was tested with real developer communities across 4 European countries.

Software & Data Services

any

Target: Data analytics firms or app developers processing personal data

If you are a software company collecting user data and struggling to prove you take privacy seriously — this project created prototype tools and scenarios that walk your engineers through Privacy, Ethical and Social Impact Assessment. With 29 deliverables including downloadable code, the tools integrate ethical checks directly into your existing development workflow.

Consulting & Compliance

SME

Target: GDPR consultancies and privacy advisory firms

If you are a privacy consultancy looking for a structured methodology beyond basic GDPR checklists — this project mapped ethical practices across European IoT innovators, maker spaces, and hardware entrepreneurs, then distilled findings into the PESIA assessment method. The 4 prototype tools give you a ready-made service offering for clients building connected products.

Frequently asked

Quick answers

What would it cost to implement these ethics assessment tools?

The PESIA prototype code was released as open source via GitHub, so the tool itself is free to download and adapt. Implementation costs would depend on integration effort with your existing development processes. Based on available project data, no licensing fees are indicated.

Can these tools scale across a large product portfolio?

The PESIA tools were designed as self-assessment instruments for developer communities, meaning they can be applied project-by-project across multiple product lines. The methodology was developed and tested across 4 countries with diverse IoT innovator groups. Scaling to enterprise-wide deployment would likely require customization.

What is the IP situation — can we use this commercially?

The data collection tool extension was explicitly released as open source via GitHub. The PESIA methodology and scenarios are research outputs from a publicly funded EU project. Based on available project data, commercial use of the open-source components appears permitted, but you should verify the specific license terms on the GitHub repository.

Does this help with GDPR compliance specifically?

Yes — the project was explicitly motivated by the EU General Data Protection Regulation and built the PESIA tools to address privacy, ethical, and social impact concerns during product design. This positions it as a proactive compliance tool rather than a reactive audit. The 4 prototype deliverables directly target privacy impact assessment for IoT developers.

How mature are these tools — are they ready to use today?

The project delivered 4 prototype tools including downloadable code and integrated scenarios for developer communities. These are functional prototypes tested in workshop settings, not polished commercial software. A company would need to adapt them for production use.

Who built this and can we talk to them?

The project was coordinated by IT University of Copenhagen with a consortium of 6 partners across Denmark, Italy, Sweden, and the UK. The team included 4 universities and 1 industry partner. SciTransfer can help establish contact with the research team.

Consortium

Who built it

This is a research-heavy consortium: 4 out of 6 partners are universities, with only 1 industry partner and 1 SME, giving a 17% industry ratio. The coordinator is IT University of Copenhagen, a strong academic institution. The 4-country spread (Denmark, Italy, Sweden, UK) provides good European coverage but the low industry involvement means the tools were designed more from a research perspective than a market-ready product perspective. A business adopter would likely need to bridge the gap between academic prototype and commercial tool independently or with integration support.

IT-UNIVERSITETET I KOBENHAVNCoordinator · DK
LONDON SCHOOL OF ECONOMICS AND POLITICAL SCIENCEparticipant · UK
Copenhagen Institute of Interaction Designparticipant · DK
UPPSALA UNIVERSITETparticipant · SE
POLITECNICO DI TORINOparticipant · IT

How to reach the team

IT University of Copenhagen, Denmark — SciTransfer can facilitate an introduction to the research team

Order a report on this consortium See IT-UNIVERSITETET I KOBENHAVN profile →

Next steps

Talk to the team behind this work.

Want to integrate ethical design assessment into your IoT development process? SciTransfer can connect you with the VIRT-EU team and help evaluate how PESIA fits your product workflow.

Order a report on this topic More in Digital & ICT