Personal data have become merchandisable asset encouraging various stakeholders to collect such data and trade them without the end-user awareness and acceptance. The European Union has taken the lead in adapting the legal framework to better protect the citizens’ rights and interests. However, the extent of the Internet and smart phone applications, the fact that data can be retrieved without the owner knowledge and the vast majority of those applications are developed from outside the EU jurisdiction, strongly limit the possibility to effectively impose a privacy-protection framework globally with a conventional approach. Moreover, privacy norms are perceived as complex by many citizens.

The Privacy Flag project will research and combine the potential of crowdsourcing, ICT technologies and legal expertise to protect citizens’ privacy when visiting websites, using smartphone applications, or living in a smart city. It will enable citizens to monitor and control their privacy with a user friendly solution made available as a smart phone application, a web browser add-on, and a public website,- all connected to a shared knowledge database. It will benefit from the outcomes of over several related research projects, in order to provide a new paradigm of privacy protection combining “endo-protection” with locally deployed privacy enablers protecting the citizens privacy from unwanted external access to their data, and “exo-protection” with a distributed and crowd-sourced monitoring framework able to provide a collective protection framework together with increased citizen awareness and implicit pressures on companies to improve their privacy compliance.

Our key ambition is to utilize the power of the crowd combined with ICT technology and legal expertise to enable users to monitor, control and increase their level of privacy in three targeted application domains: websites, smartphones applications, and Internet of Things deployments in smart cities. It will target different segments of end-users, including:

  • Citizens, which constitute the main target group
  • Companies and SMEs
  • Smart cities and public administrations considering deploying Internet of Things
  • ICT Lawyers and policy makers

Privacy Flag will:

1. Develop a highly scalable privacy monitoring and protection solution based on:

  • Crowdsourcing mechanisms to identify, monitor and assess privacy-related risks
  • Privacy monitoring agents distributed on users’ smart phones and web browsers to identify privacy threatening activities and applications;
  • Universal Privacy Risk Area Assessment Tool and methodology tailored on European and international legal norms on personal data protection and data ownership
  • Personal Data Valuation mechanism for citizens;
  • Privacy enablers for citizens to retain control over their privacy with optimized anonymisation techniques against traffic monitoring and finger printing
  • User friendly interface informing the users and raising citizen awareness on their privacy risks when using a smart phone application or visiting a website

2. Develop a global knowledge database of identified privacy risks:

The database will cover websites, smart phone applications and smart cities deployment, including:

  • In-depth privacy risk analytical tool and services
  • Voluntary legally binding mechanism for companies located outside of Europe to align with and abide to European standards in terms of personal data protection
  • Services for companies interested in being privacy friendly
  • Researching the potential for labelling and certification

Together with online services, the database will support companies and other stakeholders in becoming privacy friendly.

3. Collaborate with standardization bodies:

The collaboration will happen with standardization bodies such as ISO, ETSI, ITU and IEC. Privacy Flag will actively disseminate towards the public and specialized communities, including lawyers, policy makers and academics. Privacy Flag will develop a privacy interest group and will establish a legal entity to ensure a long term exploitation, sustainability and maintenance of the Privacy Flag crowdsourcing platform and community.

4. Privacy Flag project will develop and deliver the following:

  • Three user-friendly and freely available tools for citizens
  • Distributed crowd-sourcing privacy monitoring platform
  • Universal Privacy Risk Area Assessment Tool (UPRAAT)
  • Privacy enablers
  • Global knowledge database on privacy risks indexing websites
  • Voluntary compliance commitment tool
  • On-line resources to improve privacy
  • In-depth privacy risk analysis on-line tool for experts
  • Exploring the potential for standardization of the designed privacy risk evaluation methodology
  • Researching the potential for privacy labelling and certification process based on the UPRAAT methodology