PRIVACY FLAG - Enabling Crowd-sourcing based privacy protection for smartphone applications, websites and Internet of Things deployments

01/05/2015 to 30/04/2018


Privacy Flag (PF) combines crowdsourcing, ICT technology and legal expertise to protect citizen privacy when visiting websites, using smart-phone applications, or living in a smart city leveraging user-friendly solutions provided as a smart phone application, a web-browser add-on and a public website. It develops a highly scalable privacy monitoring and protection solution as well as a global knowledge database of identified privacy risks, together with online services to support companies and other stakeholders in becoming privacy-friendly. Furthermore, it collaborates with standardization bodies and it disseminates towards the public and specialized communities (such as ICT lawyers, policy makers and academics).

Who is the project designed for?

Privacy Flag develops a clear methodology and a suite of assessment tools to be used by various stakeholders, aiming to enhance awareness about privacy protection when visiting websites, using smart-phone applications or accessing IoT applications.

Privacy Flag promotes innovation capacity and competitiveness for the market. In particular, it implicates for rebalancing and mitigating unfair competitive advantages, as improvements in privacy protection do constitute a competitive advantage for the European industry, especially by promoting and publicizing the European norms for personal data protection at the global level. Data collected on European citizens is largely used by non-European companies to support marketing and these get a competitive advantage towards the competition, creating an effective bias. By limiting such access, Privacy Flag contributes to mitigate this unfair economic bias.

Privacy Flag also supports both European industry and SMEs as it promotes solutions providing an extra guarantee when accessing Internet or when using smartphone applications. Privacy Flag enhances SMEs’ actions working in cyber security and resilience as well those involved in the privacy and data protection market. Moreover, it supports activities in the research community and promotes aspects for innovative standardization initiatives in a collaborative framework with related bodies and/or authorities.

How is your project benefitting the end-user?

Privacy Flag combines crowdsourcing, ICT technology and legal expertise to protect citizen privacy when visiting websites, using smart-phone applications or living in a smart city and accessing IoT applications.
Privacy Flag develops a clear methodology and a suite of assessment tools, publicly and easily accessible by all involved end-users, to evaluate the level of risk for privacy and personal data exploitation by third parties for different perspectives, including:

  • Citizens, which constitute the “main target” group;
  • Companies and SMEs;
  • Smart cities and public administrations, considering deploying of Internet of Things;
  • Researchers and research projects to assess their risk level to breach privacy;
  • ICT Lawyers and policy makers.

Moreover, Privacy Flag implicates for a broader societal impact via increasing end-users’ awareness about privacy protection. Furthermore, Privacy Flag also implicates for environmental impact via reducing unwanted data flow on the Internet and mobile phone network as well as for economic impact via promoting innovations and competitiveness for the market
In order to support the long-term maintenance and exploitation of the Privacy Flag platform, a dedicated legal entity aiming at protecting privacy and personal data protection has been set-up in Geneva, Switzerland to “liaise” with ISO, ITU and IEC.

Please briefly describe the results your project achieved so far

  • Three user-friendly and freely available tools for citizens, including an Android application, an add-on for their Internet browsers (both enabling users to monitor/identify threats on their privacy) and a public website.
  • Distributed crowdsourcing privacy monitoring platform, enabling the crowd to mutualize their efforts and resources by running a local application.
  • Universal Privacy Risk Area Assessment tool and Methodology (UPRAAM) for evaluating the level of risk on privacy and personal data protection, “matching” the European and international norms/standards.
  • Privacy enablers integrated into the application and browser add-on for privacy risk assessment and traffic analysis/protection.
  • Global knowledge database on privacy risks indexing websites, smartphone applications and IoT deployments, fed by the crowd (applying the UPRAAM), by alerts received.
  • Voluntary Compliance Commitment tool (VCCT) enabling any company or public administration to formally and publicly commit/abide to respect the European standards, even if located outside of Europe.
  • On-line resources to improve privacy.
  • In-depth privacy risk analysis on-line tool for experts.
  • Labelling and certification process proposed to companies with solutions fully compliant with the privacy requirements.
  • Standard on privacy labelling by exploring the possibility to cooperate with the ESOs.

What are the next steps for your project?

Privacy Flag has already developed and tested a platform providing several user-friendly and freely available tools to the citizens to be accessed:

  • As an add-on in their Internet browsers;
  • As an Android application on their smart-phone;
  • As a public website.

Further actions aim to extend the applicability of those tools and promote their usage in a wider framework, accessing more end-users and potentially offering updates/enhancements, where relevant.
In addition, Privacy Flag has developed a Voluntary Compliance Commitment Tool (VCCT) enabling any company or public administration to formally and publicly commit and abide to respect the European standards, even if located outside of Europe.
A legal entity has been formulated within the Privacy Flag consortium aiming to support the long-term maintenance and exploitation of the platform.

Tuesday, 13 February, 2018

Project type:


EU to strenghten its expertise in cybersecurity research, technology and industrial developmen

Europe is stepping up its protection against cybersecurity threats, and is discussing a new structure of pool of expertise which will help secure the digital single market and increase the EU’s autonomy in the area of cybersecurity.

Europe is currently working on the establishment of a top knowledge base for cybersecurity and a network of national cybersecurity coordination centres called the European Cybersecurity Industrial, Technology and Research Centre and the Network of National Coordination Centres.

Future Events

Cyber Insurance and its Contribution to Cyber Risk Mitigation - Leiden March 25-29
25/03/2019 to 29/03/2019

The rise in both the scale and severity of recent cyberattacks demands new thinking about cybersecurity risk and the mitigation and transfer of that risk. Cyber insurance is one potential way to manage risk by transferring damage liability, but the cyber insurance market is immature and the understanding and actuarial knowledge of cyber-risk is currently underdeveloped.

e-SIDES workshop 2019

e-SIDES workshop: Towards Value-Centric Big Data: Connect People, Processes and Technology


2 April 2019

10am to 4pm


e-SIDES is a research project funded by European Commission H2020 Programme that deals with the ethical, legal, social and economic implications of privacy-preserving technologies in different big data context.