Community Research and Development Information Service - CORDIS

H2020

VisiOn Report Summary

Project ID: 653642
Funded under: H2020-EU.3.7.

Periodic Reporting for period 1 - VisiOn (Visual Privacy Management in User Centric Open Environments)

Reporting period: 2015-07-01 to 2016-06-30

Summary of the context and overall objectives of the project

Public Administration (PA) authorities are working towards upgrading the level of their online services through new governance models such as the Open Government. This pushes for greater transparency, accountability and innovation aiming at increasing citizen levels of confidence and trust in PA online services. In this context, user data privacy is an important issue. As a result, to improve citizens’ awareness, trust and increase acceptance of online services provided by PAs, it is important to adopt and integrate naturally in the system privacy-aware approaches that, on the one hand allow citizens to understand their privacy needs and analyze them in the context of the various public services they might decide to use, and on the other hand, enable PA departments to analyze and design online services that take privacy into account.
Such privacy-aware approaches require a change in the way privacy is managed, from a passive manner to a proactive manner. The need to consider privacy in a proactive manner and develop techniques that incorporate privacy analysis from the start (Privacy by Design) has been identified quite a long time ago both by the industrial and academic communities. However, privacy management is something that has not been adequately considered yet by PAs’ online services. Privacy statements, which sets out the privacy rights of the citizens regarding the collection, use, storage, sharing and protection of their personal informationdata, are often difficult for citizens to fully comprehend. This is an unfortunate fact as the lack of clear and understandable privacy statements discourage citizens from using Pas PAs’ online services.
VisiOn aims to deliver a Visual Privacy Platform (VPP) which on one hand empowers citizens to specify and monitors desired levels of privacy and, on the other hand, it equips PAs with the right tools to improve citizen transparency and trust in their operations. The former is achieved by providing citizens the means to create and monitor a personal Privacy Level Agreement (PLA) and by enabling them to visualize their privacy preferences, relevant threats and trust issues. The latter is achieved by enabling PAs to:
-• analyse, visualise and develop a PLA, which can be shared with citizens through the platform;
-• analyse potential threats and vulnerabilities to their privacy needs and identify countermeasures to minimize them, while at the same time informing citizens about these;
-• analyse trust relationships with third party providers and establish whether these relationships endanger transparency and accountability from a citizen’s perspective.
The VisiOn consortium extended existing software and methodologies, which partners have developed in previous projects, in order to implement the privacy platform software components.
The VisiOn platform is composed of five components, which integrate different privacy frameworks and, softwareexisting tools:
• Privacy Assessment Component (PAC);
• Privacy Requirements Component (PRC);
• Privacy Specification Component (PSC);
• Privacy Run-time Component (PRTC);
• Privacy Visualisation Component (PVC).
The VisiOn platform will be tested in two different realistic scenario types. Type I covers situations where citizens share their data with a public authority or a local government public authority. Type II represents scenarios where healthcare public authorities from two different countries must exchange patient data to provide some required healthcare.
The validation of the platform in an operational environment will strengthen the commercialisation strategy of the project, which aims to follow a go-to-market approach. The VisiOn exploitation strategy takes in consideration a series of financing options that the consortium can choose to pursue in order to bring the platform from a prototype to the market.
Attention to the commercialization strategy is continuous because the one selected is dynamic and should evolve over time. Commercialization strategies are affected by many factors, including the vision and business philosophy of the partners, the stage of technology development, industry and market conditions. The degree of technology risk, market risk, a competitor’s activities, and the window of opportunity should all affect the VPP commercialization strategy. Designing an effective and executable commercialisation strategy is the single most important factor in successfully converting innovation into value, growth and wealth. Successful commercialisation requires robust analysis, practical experience and expert advice. The VisiOn project has many different results, the Platform as-a-whole, single components or aggregation of components, the PLA, the general project know how, and so on. The VisiOn exploitation strategy is based on commercialisation of one or more of the project results. Some exploitation will be performed by the Consortium as-a-whole, some from one or more partners. This strategy will enable partners to integrate the project results into their existing commercial offerings, thus exploring and establishing new business opportunities and ventures.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

Vision is structured in six work packages (WPs) to achieve an efficient realisation of the project’s objectives. The Project started in July 2015, after the first year the following work has been conducted and main results achieved under the six WPs:
WP1 – Project management
The project’s kick-off meeting took place in Rome, 2nd and 3rd of July 2015, with representatives of almost all beneficiaries. Following this event, the Consortium met face to face every three months and had periodic online meetings. Furthermore, in order to discuss specific issues related to the amendment, two extraordinary PGA online meetings were organized.
A Consortium Agreement between all 11 VisiOn partners was established before the beginning of the project. During the first months of the project, several issues demanding an amendment of the Grant Agreement have been identified (changes among the beneficiaries and other minor issues) and have been discussed within the consortium, with concerned parties and with the European Commission’s Project Officer (EC’s PO). Besides contractual issues, the EC’s PO has been informed regularly on the progress of the project, including submission of deliverables and achievement of milestones.
With regards to Quality Management of the project, in each work package and task. the procedures for the management of the deliverables review process and submission have been established, an Internet website to present the project to the public and a collaborative environment have been set up, mailing lists have been implemented and managed to ensure a smooth and effective communication between partners.
Seventeen deliverables that have been due so far were submitted. Eleven milestones scheduled in this phase were achieved.
WP2 – Requirements and Architecture
The main objectives of this WP, started in month 1, are the definition of the scenarios to be used for the execution of the pilots in WP5, the elicitation of users privacy needs to define their privacy requirements and the design of the VPP architecture to facilitate the components development and integration in WP3 and WP4.
Considering the mission and the services offered by the end users partners, concrete examples have been identified and modelled using one of the tools belonging to the platform itself, and, based on the actual needs identified by end users, a selection of the pilot scenarios that will be actually executed to test and show the usefulness of the VPP has been made.
Through an iterative process involving citizens and Pas PAs and following an approach based on questionnaires and scenarios the requirements for the VPP have been identified and defined. Subsequently, they have been validated and consolidated through different activities to ensure their correctness, unambiguity, completeness and consistency.
An Project Ethics Board has been set up and a “Policy Document on Personal Data and Privacy Issues” for guiding the project partners in the implementation of the activities of the project has been prepared and approved.
WP3 - Privacy Software Components
The main objective of this WP, started in month 3, is to develop, starting from the available tools, the components that will be responsible for the functionality of the VisiOn platform.
An initial mapping between the requirements identified in D2.2 “Citizens and Public Administrations Privacy Requirements” and the tools’ functionalities that could fulfil them was developed, together with a draft version of the Privacy Level Agreement (PLA) structure. It has also been defined how the platform creates the PLA and how it is managed.
In addition, the Privacy Visualisation Component, which provides visualisation capabilities both to citizen and PA’s users, has been developed.
Starting from the template for the PLA, a first version was created and circulated among all partners for comments and feedback. After the revision and the collection of partners’ feedback, a final model was created.
Based on the already agreed use cases identified in WP2, a scenario has been created to be used as a reference by all components developers to demonstrate their functionalities at the 1st annual review of the project.
WP4 VisiOn Privacy Platform
The main objective of this WP, started in month 6, is to integrate the developed software components. To achieve this, the work has been carried out in close collaboration with the WP3: providing feedback to the component and tool developers helped them to refine and update both elements achieving an improved versions for the VPP.
After discussing and further refining the architecture defined in WP2, efforts focused on two fundamental elements the front-end framework and the Vision Database. With regards to the first, the chosen approach has been to have two different frameworks: web and desktop. The web one would be used both by citizens and PAs in order to access the visualization of their data, create and answer questionnaires, obtain info about the value of their data, etc. The desktop one is focused in the modelling tools and allow PAs to do analysis of the security and privacy issues of their systems and use this information for creating additional questions for the citizens. In order to allow interactions among the different Vision VisiOn components and the front-end and to store data needed for the PLA, a common database has been created.
Once the plan for the integration was completed and a mature versions of some components and tools was available, the effective integration of the VPP started.
WP5 VisiOn Pilots
The main objective of this WP, which started in month 9, is the preparation for the execution, during the second year, of the three pilots by means of which it will be possible to assess the VPP and point out its usefulness and its potential for commercial deployment.
To achieve this a plan including all activities and areas of work focus of WP5 has been prepared, during the early stages, and a template to collect information for the pilot’s preparation and execution (number of users, timeframes, recruitment, evaluation methodology etc.), was also prepared and shared. This will be a major information and planning document for the pilots, and it will be revised several times in order for all to be both able to plan activities and detail and report them at the first official deliverable of WP5 (D5.1).
Moreover, there has been a strong collaboration with WP3 and WP4 to identify and address potential issues, mostly in terms of following the developments of the VPP and specifying how it will be best integrated within existing pilot sites systems, in order to be assessed and in order to lead to the desired benefits from each pilot partner’s perspective.
WP6 - Dissemination, Communication, Standardisation and Exploitation
The main objectives of this WP, started in month 1, is to develop the business and commercialisation plans around the VPP and disseminate the project results. Lastly, in this WP training activities for the platform users are undertaken.
For providing the cross-cutting and integrating commercialisation activities perspectives, a Commercialisation team (COM Team) was set up, which is composed of one people from each partner with strong commercial experience. The COM team discussed on the different options for the post project organisation.
To achieve the WP’s objectives was scheduled a periodic meeting to discuss the activities and the related progress. About the dissemination was defined a general rule about the dissemination and a specific register where include the info about the activity.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

All European countries are pushing towards the integration of online PA services and infrastructure. To support this move, the concept of open government has gained increasing traction in recent years, as the potential for new technologies to enhance democracy is being realised. The VPP will enable PAs to adopt an open government approach, and therefore generate important business cases for online citizen services and management of PA privacy policies. The VPP will be tested through pilots on four public administration sites and will enable PA departments to analyse and design online services that take privacy into account. On the other side, the platform will demonstrate transparency and accountability with regard to the privacy of citizen’s information through a user-friendly platform which will enable them to understand and analyse privacy needs.
Thereby, VisiOn strives to make a difference through both considering the user as the main focus, following a proactive approach of privacy where users set their privacy levels and enabling PA departments to analyse and design online services that take privacy into account (based on citizens’ inputs) throughout the development process and across different levels.
1) Enhanced innovation capacity of the private sector
The project will improve innovation capacity and the competitiveness of the industrial partners and enable them to increase their business opportunities and their portfolio. Studies have considered the relative cost to correct security and privacy defects to be 1% at design, 6.5% at implementation, 15% at testing, and 100% at maintenance. The project will develop an ICT solution with a measurably higher level of privacy compared to ICT technology following the traditional designs. An innovative part of the solution will be the capacity of monitoring and verifying the compliance with European laws and Legislations, in particular in the perspective of the new E.U. General Data Protection Regulation 2016/679 (GDPR). As an Innovation Action project, VisiOn will produce a close-to-market output. VisiOn methodologies and the VPP itself will be specifically customised for the PA domain and healthcare sector and the added value will come from the piloting in operational environments, in order to test the platform and ensure that it is user friendly and it satisfies all user needs with the regard to the use of services.
2) Increased transparency and user trust in PA online services
It has been widely accepted that citizens’ trust towards PAs is actually breached and has to be re-established or reinforced. VisiOn will provide a privacy platform that will enable, on one hand, PAs to manage private data in an accountable and transparent way, and on the other hand, it will provide citizens with the ability to control their privacy when they must share their personal data with PAs.
The monitoring of how the user data are used after they have been given to PAs is one of the main functionalities of the VPP. This, along with the warnings that the Visual Privacy ControlPrivacy Visualisation Component presented to the citizen and the enforcement of the citizen PLA will play a critical role in the maximisation of transparency and accountability.
The visualisation is a very important feature of the platform because it eases the understanding of several aspects involved that otherwise would require users to have some technical knowledge to understand. In addition, the risk of the user missing some is much lower with VPP due to the details of the PLAsPrivacy Level Agreements being visualised prior to their specifications. This will contribute to increase users trust and confidence in Public Administration online services, therefore decreasing the number of users that are reluctant to use such services. The VPP will find a trade-off between maximized functionality and usability on the one hand, and minimized intrusiveness and demands to the users on the other hand.
3) Go-to-market approach
The project aims at customize the solution and, with this aim, it will deliver a business plan. The VisiOn Business plan will represent the main driving force behind the commercial exploitation of the VisiOn outcomes. Namely, the main goal is going to market, from an operational prototype to a concrete product, with a holistic platform (i.e., VPP) that brings together privacy management functionalities and supports citizens’ and public administrations’ PLAs, across all stages of applications lifespan. It will explore the market and it will identify the value proposition, the customer segments, the key resources needed and the relevant distribution channels. The innovation of VisiOn to the European privacy enhancement technologies market will be twofold. On the one hand, VisiOn will deliver Privacy Control Tools (PCT). On the other hand, VisiOn will also deliver Privacy Management Tools (PMT) as a well-known mean of improving user experience (UX) making the technology more user friendly and facilitate to the user the understanding of privacy aspects and the consequences of sharing its information.
4) Effective Communication
Effective internal communication is ensured by the open character of the project process and the deep mutual respect among its partnersThe open character of the project process and the deep mutual respect among its partners ensures effective internal communication. Effective external communication is ensured by press releases, the number of publications, number of visits on the project website and attendances at workshops. The following main channels of communication have been identified:
• online presence: realisation of a project web site, which will make available public results and interesting news of the project but will also provide an environment to engage online with the VisiOn consortium.
• social media: creation of project accounts in relevant platforms such as LinkedIn, and Twitter, together with YouTube;
• media engagement: interviews and discussion panels, in events and newspapersTV and radio both local and international and the publication of press releases, such as newspapers and magazines;
• promotional material: preparation of relevant leaflets and brochures.

Related information

Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top