New tools in the battle against online data misuse
Advances in digital technology are challenging our concept of privacy. In today’s world, huge volumes of data are being collected, shared and stored in unprecedented ways and at tremendous speeds. Everything we do with our connected devices generates data that can be used or misused without our knowledge. Controlling when and how our personal data is used by others seems impossible, especially since sharing this information is an integral part of our participation in today’s society. To tackle this problem, the EU-funded project PRIVACY FLAG has created helpful tools that promote privacy and personal data protection. These tools are based on an innovative system called the Universal Privacy Risk Area Assessment Methodology (UPRAAM). UPRAAM was developed by the project team to assess whether applications, websites and Internet of things (IoT) technology comply with the EU’s General Data Protection Regulation (GDPR) and Swiss data protection law. Using the UPRAAM-based tools, citizens can check if their privacy rights are being respected and companies can get the help they need to comply with personal data protection requirements. Tools for citizens There are three tools to help citizens monitor and control their privacy: a smartphone app, a browser add-on and a threat observatory. The mobile app informs users about potential privacy risks from apps installed on their Android-powered phones and tablets. Similarly, the browser add-on notifies users about a possible breach of privacy when browsing on the internet. Software and websites are deemed privacy friendly and safe or not based on analyses using input from technical enablers and crowdsourcing data from UPRAAM end users. The third tool available to citizens, but also useful for legislators, web developers, security researchers and businesses, provides a general overview of data privacy on the internet. Using graphs and charts, the observatory presents information on best practices adoption on the web, and identifies issues with widely deployed technologies that lack data security. Links to the three free tools can be found on the PRIVACY FLAG website. Tools for companies Another three tools focus on helping companies comply with data protection laws. The first, called the Privacy Pact, is a voluntary yet legally binding mechanism established to encourage non-EU companies to commit to respecting European data protection laws. Companies signing the Privacy Pact are awarded a certified label demonstrating their compliance with European data protection standards. Another helpful tool is the European Privacy Portal that provides useful links to legal references, research projects, resources and organisations related to privacy and personal data protection. The final tool is a data protection certification scheme that was designed to analyse the compliance of products, services and information management systems with the GDPR. Called the EuroPrivacy certification scheme, it’s the first of its kind to address emerging technologies such as IoT deployments and smart cities. According to project partner University of Bristol’s Professor Andrew Charlesworth, who was quoted in a press release published on the university’s website, this scheme is an “example of the sustainability of the project’s outputs.” PRIVACY FLAG (Enabling Crowd-sourcing based privacy protection for smartphone applications, websites and Internet of Things deployments) has promoted the protection of citizen privacy by combining crowdsourcing, ICT technology and legal expertise. The project ended in April 2018. For more information, please see: PRIVACY FLAG project website
