Case study: Protecting data in an auto parts production facility

Authors: Dr Yujia Zhai (University of Hertfordshire); Associate Professor Scarlett Xiao (University of Hertfordshire). 

Topic: Data security of industrial robots.  

Disciplines: Robotics; Data; Internet of Things. 

Ethical issues: Safety; Health; Privacy; Transparency. 

Professional situations: Rigour; Informed consent; Misuse of data. 

Educational level: Intermediate. 

Educational aim: Gaining ethical knowledge. Knowing the sets of rules, theories, concepts, frameworks, and statements of duty, rights, or obligations that inform ethical attitudes, behaviours, and practices. 


Learning and teaching notes: 

This case study involves an engineer hired to develop and install an Industrial Internet of Things (IIoT) online machine monitoring system for a manufacturing company. The developments include designing the infrastructure of hardware and software, writing the operation manuals and setting policies. The project incorporates a variety of ethical components including law and policy, stakeholders, and risk analysis. 

This case study addresses three of the themes from the Accreditation of Higher Education Programmes fourth edition (AHEP4): Design and Innovation (significant technical and intellectual challenges commensurate the level of study), the Engineer and Society (acknowledging that engineering activity can have a significant societal impact) and Engineering Practice (the practical application of engineering concepts, tools, and professional skills). To map this case study to AHEP outcomes specific to a programme under these themes, access AHEP 4 here and navigate to pages 30-31 and 35-37. 

The dilemma in this case is presented in three parts. If desired, a teacher can use Part one in isolation, but Part two and Part three develop and complicate the concepts presented in Part one to provide for additional learning. The case study allows teachers the option to stop at multiple points for questions and/or activities as desired. 

Learners have the opportunity to: 

  • apply their ethical judgement relating to privacy and consent on the use of machine data; 
  • determine the societal impact of a technical solution to a complex problem;  
  • analyse risks associated with ethical concerns and justify their ethical decisions; 
  • communicate these risks and judgements to both technical and non-technical audiences. 

Teachers have the opportunity to:  

  • highlight a range of ethical considerations within the scope of a complex engineering project; 
  • introduce methods for risk analysis and ethical decision-making; 
  • link Engineering Council statements of ethical principles with real world situations; 
  • raise students’ awareness and demonstrate the importance of the ethics learning landscape 


Learning and teaching resources: 

Professional organisations: 

Legal regulations: 

UN agency: 

Educational resource: 

Government sites: 

 Educational institutions: 



IIoT is a new technology that can provide accurate condition monitoring and predict component wear rates to optimise machine performance, thereby improving the machining precision of the workpiece and reducing the production cost.   

Oxconn is a company that produces auto parts. The robotic manipulators and other automation machines on the production line have been developed at considerable cost and investment, and regular production line maintenance is essential to ensure its effective operation. The current maintenance scheme is based on routine check tests which are not reliable and efficient. Therefore Oxconn has decided to install an IIoT-based machine condition monitoring system. To achieve fast responses to any machine operation issues, the machine condition data collected in real time will be transferred to a cloud server for analysis, decision making, and predictive maintenance in the future. 


Dilemma – Part one – Data protection on customers’ machines:

You are a leading engineer who has been hired by Oxconn to take charge of the project on the IIoT-based machine monitoring system, including designing the infrastructure of hardware and software, writing the operation manuals, setting policies, and getting the system up and running. With your background in robotic engineering and automation, you are expected to act as a technical advisor to Oxconn and liaise with the Facilities, Security, Operation, and Maintenance departments to ensure a smooth deployment. This is the first time you have worked on a project that involves real time data collection. So as part of your preparation for the project, you need to do some preliminary research as to what best practices, guidance, and regulations apply. 


Optional STOP for questions and activities: 

1. Discussion: What are the legal issues relating to machine condition monitoring? Machines’ real-time data allows for the identification of production status in a factory and is therefore considered as commercial data under GDPR and the Data Protection Act (2018). Are there rules specifically for IIoT, or are they the same no matter what technology is being used? Should IIoT regulations differ in any way? Why? 

2. Discussion: Sharing data is a legally and ethically complex field. Are there any stakeholders with which the data could be shared? For instance, is it acceptable to share the data with an artificial intelligence research group or with the public? Why, or why not? 

3. Discussion: Under GDPR, individuals must normally consent to their personal data being processed. For machine condition data, how should consent be handled in this case? 

4. Discussion: What ethical codes relate to data security and privacy in an IIoT scenario?  

5. Activity: Undertake a technical activity that relates to how IIoT-based machine monitoring systems are engineered. 

6. Discussion: Based on your understanding of how IIoT-based machine monitoring systems are engineered, consider what additional risks, and what kind of risks (such as financial or operational), Oxconn might incur if depending on an entirely cloud-based system. How might these risks be mitigated from a technical and non-technical perspective? 


Dilemma – Part two – Computer networks security issue brought by online monitoring systems:

The project has kicked off and a senior manager requests that a user interface (UI) be established specifically for the senior management team (SMT). Through this UI, the SMT members can have access to all the real-time data via their computers or mobiles and obtain the analysis result provided by artificial intelligence technology. You realise this has implications on the risk of accessing internal operating systems via the external information interface and networks. So as part of your preparation for the project, you need to investigate what platforms can be used and what risk analysis must be taken in implementation. 


Optional STOP for questions and activities: 

The following activities focus on macro-ethics. They address the wider ethical contexts of projects like the industrial data acquisition system. 

1. Activity: Explore different manufacturers and their approaches to safety for both machines and operators. 

2. Activity: Technical integration – Undertake a technical activity related to automation engineering and information engineering. 

3. Activity: Research what happens with the data collected by IIoT. Who can access this data and how can the data analysis module manipulate the data?  

4. Activity: Develop a risk management register, taking considerations of the findings from Activity 3 as well as the aspect of putting in place data security protocols and relevant training for SMT. 

5. Discussion/activity: Use information in the Ethical Risk Assessment guide to help students consider how ethical issues are related to the risks they have just identified. 

6. Discussion: In addition to cost-benefit analysis, how can the ethical factors be considered in designing the data analysis module? 

7. Activity: Debate the appropriateness of installing and using the system for the SMT. 

8. Discussion: What responsibilities do engineers have in developing these technologies? 


Dilemma – Part three – Security breach and legal responsibility: 

At the beginning of operation, the IIoT system with AI algorithms improved the efficiency of production lines by updating the parameters in robot operation and product recipes automatically. Recently, however, the efficiency degradation was observed, and after investigation, there were suspicions that the rules/data in AI algorithms have been subtly changed. Developers, contractors, operators, technicians and managers were all brought in to find out what’s going on. 


Optional STOP for questions and activities: 

1. Discussion: If there has been an illegal hack of the system, what might be the motive of cyber criminals?   

2. Discussion: What are the impacts on company business? How could the impact of cyber-attacks on businesses be minimised?

3. Discussion: How could threats that come from internal employees, vendors, contractors or partners be prevented?

4. Discussion: When a security breach happens, what are the legal responsibilities for developers, contractors, operators, technicians and managers? 


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Any views, thoughts, and opinions expressed herein are solely that of the author(s) and do not necessarily reflect the views, opinions, policies, or position of the Engineering Professors’ Council or the Toolkit sponsors and supporters.

Notify of
Inline Feedbacks
View all comments
Related articles

Spotlight on ethics: Developing a school chatbot for student support services

Developing a school chatbot for student support services, addresses the ethical issues of bias, social responsibility, risk and privacy.


Engineers 2030 consultation

The Engineering Professors’ Council, in collaboration with our Engineers Without Borders UK partners, invites you to contribute to the National...

Let us know what you think of our website