Master Thesis - Privacy Dashboard

3/27/2026

For my Master’s thesis in Computer Engineering at Politecnico di Torino, I worked on a Privacy Dashboard for smart home environments.

The goal of the project was to make privacy management more concrete for people who use IoT devices at home. Smart homes can include cameras, sensors, lights, alarms, and many other devices that can collect personal data about habits, presence, preferences, and daily routines.

The project was grounded in the GDPR. In the dashboard, a Data Subject is the person who owns or uses the smart home and wants to manage their privacy. A Data Controller is responsible for an application that processes personal data, while a DPO can support GDPR compliance. The platform was built to connect these roles in one place, so users could manage consents, privacy documents, right requests, and privacy-related communication.

In this context, an application is a software component installed in the user’s smart home that may process personal data. For example, a camera manager application may require consent to record video in the user’s smart home.

My work focused on making the dashboard usable in a real smart home scenario. I integrated the platform with Smartotum, a privacy-focused home automation system. This allowed the dashboard to retrieve homes, rooms, installed applications, devices, and privacy rules from the smart home environment.

One important feature I implemented was the connection between user consent, GDPR workflows, and device behavior. For example, if a user withdraws consent for video recording from the camera manager application, the dashboard can create the required rule to disable recording on the related camera devices. If the user gives consent again, the rule is removed. This made consent management not only a UI action or a legal record, but also something that can affect the real behavior of the smart home.

I also worked on the frontend architecture using React; I designed the shared state structure used to keep authentication, selected homes, applications, consents, and user roles consistent across different pages. The interface had to support different types of users, such as data subjects, data controllers, and DPOs, each with different permissions and available actions.

Another part of my work was a proof of concept for a marketplace integration. The idea was to allow an external marketplace to register applications inside the Privacy Dashboard, assign them to a data controller, and let the dashboard manage the related privacy information.

I also designed the CI/CD workflow used to build, test, publish, and deploy the application. The pipeline was organized into four main stages: building the Docker image, running automated tests, publishing the validated image, and deploying it to the demo environment. This made the release process more repeatable and reduced the risk of deploying a broken version.

The demo deployment was based on a small but complete infrastructure. I used Proxmox to manage a dedicated Linux virtual machine for the project. This kept the Privacy Dashboard isolated from the host system and gave the project a clear runtime boundary: the VM contained the services needed by the application, while the physical host remained separated from the application workload.

Inside the VM, the application stack was managed with Docker: the Privacy Dashboard and PostgreSQL ran in separate containers, connected through an internal network and with persistent data kept outside the application container. Nginx was used as a reverse proxy to expose the service through a public HTTPS endpoint.

A GitLab Runner executed the pipeline jobs on the infrastructure, connecting source code, automated validation, image publication, and deployment. I also worked on end-to-end testing for the most important flows, including consent changes and the related smart home rules.

This thesis allowed me to apply and consolidate my full-stack development skills in a real software system where privacy requirements, user experience, backend logic, deployment, and real device behavior had to fit together.

From this work, I focused on designing software that connects different parts of a system, rather than only isolated features. I worked on structuring a React frontend around shared state and role-based interfaces, integrating an external service through authentication and synchronization flows, and reasoning about data consistency between a local database and an external smart home system.

Because the dashboard was part of a larger project, it also helped me improve how I work in a team: discussing requirements, aligning interfaces, documenting decisions, and making my changes easy to integrate with the rest of the system.

The project also strengthened my practical experience with the full delivery path of a web application: from source code, to automated tests, to Docker images, to a running service exposed through real infrastructure. Overall, this project shows my ability to work across the stack: understanding requirements, implementing frontend and backend integration logic, validating behavior with tests, and deploying the result in a real environment.

Repo: https://git-softeng.polito.it/d023270/privacy-dashboard/-/tree/frontend • Live: https://privacydashboard.albertohugonin.it • Thesis: /media/projects/privacy-dashboard/PrivacyDashboard_AlbertoHugonin.pdf