Personal data have become a valuable commercial asset. This has encouraged various stakeholders – data controllers – to collect and trade personal data, often without data subjects’ awareness and acceptance. The European Union has taken an international lead by creating a legal framework to protect its citizens’ rights and interests in their personal data.

However, creating a global privacy-protection framework is a complicated matter. For example, modern technologies, like the Internet and smart phone applications, allow data to be collected and transferred rapidly across borders. Many personal data-collecting applications have been developed, and are located, outside the jurisdiction of the EU, and their operation is often invisible to the average data subject. Even where privacy protections are provided, applying and enforcing privacy norms is outside the experience of many citizens.

The Privacy Flag project has undertaken research to develop the combined potential of crowdsourcing, ICT technologies and legal expertise to protect citizens’ privacy when they visit websites, use smartphone applications, or live in a ‘smart city’. Its outputs will enable citizens to monitor and control their privacy via user-friendly solutions: a smart phone application, a web browser add-on, and a public website – all connected to a shared knowledge database.

Privacy Flag builds upon the outcomes of several related research projects in order to provide a new paradigm of privacy protection. This combines “endo-protection” – locally deployed privacy enablers protecting citizens’ privacy from unwanted external access to their data; and “exo-protection” – a distributed, crowd-sourced monitoring framework that provides collective protection by utilising increased citizen awareness to place pressure on companies to improve their privacy compliance.

Our key ambition is to utilize the power of the crowd in combination with ICT technology and legal expertise to enable users to monitor, control and increase their level of privacy in three targeted application domains: websites, smartphone applications, and Internet of Things deployments in smart cities. The project will target different segments of end-users, including:

  • Citizens, who constitute the main target group
  • Companies and SMEs
  • Smart cities and public administrations considering deploying Internet of Things
  • ICT Lawyers and policy makers

Privacy Flag will:

1. Develop a highly scalable privacy monitoring and protection solution based on:

  • Crowdsourcing mechanisms to identify, monitor and assess privacy-related risks
  • Privacy monitoring agents distributed on users’ smart phones and web browsers to identify privacy-threatening activities and applications
  • Universal Privacy Risk Area Assessment Tool and methodology tailored to European and international legal norms on personal data protection and data ownership
  • Personal Data Valuation mechanism for citizens
  • Privacy enablers for citizens to retain control over their privacy with optimized anonymisation techniques against traffic monitoring and fingerprinting
  • User friendly interface informing the users and raising citizen awareness on their privacy risks when using a smart phone application or visiting a website

2. Develop a global knowledge database of identified privacy risks:

The database will cover websites, smart phone applications and smart cities deployment, including:

  • In-depth privacy risk analytical tool and services
  • Voluntary legally binding mechanism for companies located outside of Europe to align with and abide by European standards in terms of personal data protection
  • Services for companies interested in being privacy friendly
  • Researching the potential for labelling and certification

Together with online services, the database will support companies and other stakeholders in becoming privacy friendly.

3. Collaborate with standardization bodies:

Privacy Flag will collaborate with standardization bodies such as ISO, ETSI, ITU and IEC. It will actively disseminate its outputs to both the general public and to specialized communities, including lawyers, policy makers and academics. Privacy Flag will develop a privacy interest group and establish a legal entity to ensure the long term exploitation, sustainability and maintenance of the Privacy Flag crowdsourcing platform and community.

4. The Privacy Flag project will develop and deliver the following:

  • Three user-friendly and freely available tools for citizens
  • Distributed crowd-sourcing privacy monitoring platform
  • Universal Privacy Risk Area Assessment Tool (UPRAAT)
  • Privacy enablers
  • Global knowledge database on privacy risks indexing websites
  • Voluntary compliance commitment tool
  • On-line resources to improve privacy
  • In-depth privacy risk analysis on-line tool for experts
  • Exploring the potential for standardization of the designed privacy risk evaluation methodology
  • Researching the potential for privacy labelling and certification process based on the UPRAAT methodology