Personal data have become a valuable commercial asset. This has encouraged various stakeholders – data controllers – to collect and trade personal data, often without data subjects’ awareness and acceptance. The European Union has taken an international lead by creating a legal framework to protect its citizens’ rights and interests in their personal data.
However, creating a global privacy-protection framework is a complicated matter. For example, modern technologies, like the Internet and smart phone applications, allow data to be collected and transferred rapidly across borders. Many personal data-collecting applications have been developed, and are located, outside the jurisdiction of the EU, and their operation is often invisible to the average data subject. Even where privacy protections are provided, applying and enforcing privacy norms is outside the experience of many citizens.
The Privacy Flag project has undertaken research to develop the combined potential of crowdsourcing, ICT technologies and legal expertise to protect citizens’ privacy when they visit websites, use smartphone applications, or live in a ‘smart city’. Its outputs will enable citizens to monitor and control their privacy via user-friendly solutions: a smart phone application, a web browser add-on, and a public website – all connected to a shared knowledge database.
Privacy Flag builds upon the outcomes of several related research projects, in order to provide a new paradigm of privacy protection. This combines “endo-protection” – locally deployed privacy enablers protecting the citizens privacy from unwanted external access to their data; and “exo-protection” – a distributed and crowd-sourced monitoring framework providing a collective protection framework utilising increased citizen awareness to place pressure on companies to improve their privacy compliance.