PRIVACY FLAG - Enabling Crowd-sourcing based privacy protection for smartphone applications, websites and Internet of Things deployments

Date: 
01/05/2015 to 30/04/2018

Introduction

Privacy Flag (PF) combines crowdsourcing, ICT technology and legal expertise to protect citizen privacy when visiting websites, using smart-phone applications, or living in a smart city leveraging user-friendly solutions provided as a smart phone application, a web-browser add-on and a public website. It develops a highly scalable privacy monitoring and protection solution as well as a global knowledge database of identified privacy risks, together with online services to support companies and other stakeholders in becoming privacy-friendly. Furthermore, it collaborates with standardization bodies and it disseminates towards the public and specialized communities (such as ICT lawyers, policy makers and academics).

Who is the project designed for?

Privacy Flag develops a clear methodology and a suite of assessment tools to be used by various stakeholders, aiming to enhance awareness about privacy protection when visiting websites, using smart-phone applications or accessing IoT applications.

Privacy Flag promotes innovation capacity and competitiveness for the market. In particular, it implicates for rebalancing and mitigating unfair competitive advantages, as improvements in privacy protection do constitute a competitive advantage for the European industry, especially by promoting and publicizing the European norms for personal data protection at the global level. Data collected on European citizens is largely used by non-European companies to support marketing and these get a competitive advantage towards the competition, creating an effective bias. By limiting such access, Privacy Flag contributes to mitigate this unfair economic bias.

Privacy Flag also supports both European industry and SMEs as it promotes solutions providing an extra guarantee when accessing Internet or when using smartphone applications. Privacy Flag enhances SMEs’ actions working in cyber security and resilience as well those involved in the privacy and data protection market. Moreover, it supports activities in the research community and promotes aspects for innovative standardization initiatives in a collaborative framework with related bodies and/or authorities.

How is your project benefitting the end-user?

Privacy Flag combines crowdsourcing, ICT technology and legal expertise to protect citizen privacy when visiting websites, using smart-phone applications or living in a smart city and accessing IoT applications.
Privacy Flag develops a clear methodology and a suite of assessment tools, publicly and easily accessible by all involved end-users, to evaluate the level of risk for privacy and personal data exploitation by third parties for different perspectives, including:

  • Citizens, which constitute the “main target” group;
  • Companies and SMEs;
  • Smart cities and public administrations, considering deploying of Internet of Things;
  • Researchers and research projects to assess their risk level to breach privacy;
  • ICT Lawyers and policy makers.

Moreover, Privacy Flag implicates for a broader societal impact via increasing end-users’ awareness about privacy protection. Furthermore, Privacy Flag also implicates for environmental impact via reducing unwanted data flow on the Internet and mobile phone network as well as for economic impact via promoting innovations and competitiveness for the market
In order to support the long-term maintenance and exploitation of the Privacy Flag platform, a dedicated legal entity aiming at protecting privacy and personal data protection has been set-up in Geneva, Switzerland to “liaise” with ISO, ITU and IEC.

Please briefly describe the results your project achieved so far

  • Three user-friendly and freely available tools for citizens, including an Android application, an add-on for their Internet browsers (both enabling users to monitor/identify threats on their privacy) and a public website.
  • Distributed crowdsourcing privacy monitoring platform, enabling the crowd to mutualize their efforts and resources by running a local application.
  • Universal Privacy Risk Area Assessment tool and Methodology (UPRAAM) for evaluating the level of risk on privacy and personal data protection, “matching” the European and international norms/standards.
  • Privacy enablers integrated into the application and browser add-on for privacy risk assessment and traffic analysis/protection.
  • Global knowledge database on privacy risks indexing websites, smartphone applications and IoT deployments, fed by the crowd (applying the UPRAAM), by alerts received.
  • Voluntary Compliance Commitment tool (VCCT) enabling any company or public administration to formally and publicly commit/abide to respect the European standards, even if located outside of Europe.
  • On-line resources to improve privacy.
  • In-depth privacy risk analysis on-line tool for experts.
  • Labelling and certification process proposed to companies with solutions fully compliant with the privacy requirements.
  • Standard on privacy labelling by exploring the possibility to cooperate with the ESOs.

What are the next steps for your project?

Privacy Flag has already developed and tested a platform providing several user-friendly and freely available tools to the citizens to be accessed:

  • As an add-on in their Internet browsers;
  • As an Android application on their smart-phone;
  • As a public website.

Further actions aim to extend the applicability of those tools and promote their usage in a wider framework, accessing more end-users and potentially offering updates/enhancements, where relevant.
In addition, Privacy Flag has developed a Voluntary Compliance Commitment Tool (VCCT) enabling any company or public administration to formally and publicly commit and abide to respect the European standards, even if located outside of Europe.
A legal entity has been formulated within the Privacy Flag consortium aiming to support the long-term maintenance and exploitation of the platform.

Week: 
Tuesday, 13 February, 2018

Project type:

Events

27/11/2018 to 28/11/2018
Cyber Investor Days

On 27th and 28th November in Berlin, Germany, ECSO is organizing in collaboration with Secunet and TeleTrusT, the Cyber Investor Days.

The most promising European cyber security start-ups and SMEs will have an opportunity to pitch their solution and meet the influential German and international investors during strategic business matchmaking sessions.

CYBER INVESTOR DAYS will be officially opened by Andreas Koenen, Director General of the Cyber and Information Security Directorate at the German Ministry of Interior, and Clemens Kabel, Investment Director at IBB Investment.

13/12/2018 to 14/12/2018
Call for Papers: Halfway Through the Digital Single Market Strategy: “Bedrock of Trust” or illusion?

Call for Papers

The Law Faculty of the University of Lille cordially invites junior and senior researchers to participate in a conference held as part of the Horizon 2020 project “TRUESSEC.eu”, on the 13th and 14th December 2018. The conference will be hosted by the Law Faculty.