Periodic Reporting for period 1 - SOTERIA (uSer-friendly digiTal sEcured peRsonal data and prIvacy plAtform)
Período documentado: 2021-10-01 hasta 2023-05-31
Data inquiry schemes currently deployed have two major disadvantages:
• data must be repeatedly filled in for each e-service which is time-consuming and lowers the rate of visits converted to sales for service providers.
• data collection and its use are rarely transparent to citizens today. Currently, third-party's access to citizens' data is generally not fully transparent, and citizens are uncertain who monitors, accesses, and modifies their personal data.
Cybersecurity incidents increase citizens’ fears that new technologies will undermine their privacy.
Since the establishment of the GDPR, Europeans' perception of the importance of protecting their personal data has changed. Still, this growing awareness is not yet accompanied by a massive change in behaviour.
SOTERIA will radically transform all citizens (regardless of their gender, age, or ICT skills) behavior regarding privacy, personal data protection, and security. With SOTERIA, EU citizens become active actors in the landscape by having full control over their data.
SOTERIA will develop and test in an operational environment, with the involvement of 6,500 citizens, a single, secured, user-driven, user-centric, and user-friendly personal data management tool. This 3-year transdisciplinary project, uses stakeholders’ knowledge, from both SSH and technology angles, to develop an innovative solution.
• data must be repeatedly filled in for each e-service which is time-consuming and lowers the rate of visits converted to sales for service providers.
• data collection and its use are rarely transparent to citizens today. Currently, third-party's access to citizens' data is generally not fully transparent, and citizens are uncertain who monitors, accesses, and modifies their personal data.
Cybersecurity incidents increase citizens’ fears that new technologies will undermine their privacy.
Since the establishment of the GDPR, Europeans' perception of the importance of protecting their personal data has changed. Still, this growing awareness is not yet accompanied by a massive change in behaviour.
SOTERIA will radically transform all citizens (regardless of their gender, age, or ICT skills) behavior regarding privacy, personal data protection, and security. With SOTERIA, EU citizens become active actors in the landscape by having full control over their data.
SOTERIA will develop and test in an operational environment, with the involvement of 6,500 citizens, a single, secured, user-driven, user-centric, and user-friendly personal data management tool. This 3-year transdisciplinary project, uses stakeholders’ knowledge, from both SSH and technology angles, to develop an innovative solution.
SOTERIA relies on a co-creation approach: citizens from Spain, Austria, and Romania have been involved at every step of SOTERIA’s platform development through surveys, focus groups, and interviews. A first round of interviews has been conducted at the early stages of the project, to evaluate citizens’ needs and expectations regarding SOTERIA. A second round of interviews has been conducted to get feedback on SOTERIA’s first prototype, based on a video introducing SOTERIA’s concept. Finally, a third round assessed citizens’ specific needs on the three project use-cases: e-voting, e-health, and e-exam.
In parallel with assessing citizens’ expectations regarding SOTERIA, technical developments for the platform have been initiated. Specifications have been defined, including as many as possible of citizens' and eIDAS regulation requirements. A digital identity provider demonstrator has been developed. It relies on a secure identity verification, that integrates advanced security checks on the identity document, and biometrics verifications. The architecture of SOTERIA platform has been designed, including a digital data vault to protect data at rest, and the privacy tools needed to control the personal information shared with the service provider and to ensure that the SOTERIA solution achieves the necessary privacy properties.
Preliminary work has been done to prepare the pilots’ implementation in the third year of the project. In particular, each use-case has been designed to include at least 900 citizens divided into 3 scenarios. The integration of SOTERIA in the existing service providers’ platform has also been considered, and some proof of concept of user authentication has been performed. A helpdesk to provide assistance to citizens is currently under construction.
Activities have been performed to raise awareness among citizens on data privacy and security, including the development of an awareness e-training. Ethical issues are closely monitored to ensure compliance of SOTERIA with fundamental ethics principles.
The project’s partners are in close contact with European stakeholders involved in the definition of eIDAS 2.0 which will state the basis framework for European wallets in the future.
In parallel with assessing citizens’ expectations regarding SOTERIA, technical developments for the platform have been initiated. Specifications have been defined, including as many as possible of citizens' and eIDAS regulation requirements. A digital identity provider demonstrator has been developed. It relies on a secure identity verification, that integrates advanced security checks on the identity document, and biometrics verifications. The architecture of SOTERIA platform has been designed, including a digital data vault to protect data at rest, and the privacy tools needed to control the personal information shared with the service provider and to ensure that the SOTERIA solution achieves the necessary privacy properties.
Preliminary work has been done to prepare the pilots’ implementation in the third year of the project. In particular, each use-case has been designed to include at least 900 citizens divided into 3 scenarios. The integration of SOTERIA in the existing service providers’ platform has also been considered, and some proof of concept of user authentication has been performed. A helpdesk to provide assistance to citizens is currently under construction.
Activities have been performed to raise awareness among citizens on data privacy and security, including the development of an awareness e-training. Ethical issues are closely monitored to ensure compliance of SOTERIA with fundamental ethics principles.
The project’s partners are in close contact with European stakeholders involved in the definition of eIDAS 2.0 which will state the basis framework for European wallets in the future.
How SOTERIA goes beyond:
• Provide a stronger identification scheme by verifying physical ID documents (large variety of security checks and documents covered), and biometric verification (fight against presentation attacks to ensure the ‘real’ presence of the identity document holder)
• Propose a universal identity provider, based on a two-factor authentication: the phone on which is stored the private key generated for the citizen, and a confidential code chosen by the citizen.
• eIDAS and GDPR compliant Digital Identity
• SOTERIA will offer the possibility to the citizen to manage his/her personal data
• SOTERIA will be built upon data protection, ethics, and cybersecurity methodologies
The following results are expected until the end of the project:
• A deep understanding of EU citizens’ needs and expectations regarding privacy, personal data protection, and security
• A single, secured, user-driven, user-centric, and user-friendly personal data management tool, tested with 2700 citizens on 3 use-cases: e-health, online voting, e-exam.
• A strong identity verification product, limiting the risk of identity theft
• Advanced security and privacy components to guarantee minimum data sharing, unlinkability, and secure storage of data on the SOTERIA platform
The following impacts are expected from the project:
Impact 1.1 – Citizens are better protected and become active players in the Digital Single Market
This will be achieved thanks to the following characteristics of SOTERIA: Secured storage under the control of the citizen, educational tool empowering the citizen, compliance with citizens' expectations
Impact 1.2 – Security, Privacy, and Personal data protection are strengthened as shared responsibility along all layers of the digital economy, including citizens
All types of stakeholders will be involved in SOTERIA, such as governments, service providers, citizens, etc.
Impact 1.3 – Reduced economic damage caused by harmful cyber-attacks and privacy incidents and data (including personal data) protection breaches: avoidance of personal data storage by the service provider, protection against identity theft, the number one issue related to data breaches
Impact 1.4 – Pave the way for a trustworthy EU Digital Environment benefiting all economic and social actors
Impact 1.5 – Tackle digital challenges highlighted by the COVID-19 crisis
While the cyber attackers did not make a truce during the pandemic situation, the objective of SOTERIA is to develop trust between citizens and service providers through the concrete implementation of 3 use-cases in connection with democratic, educational, and health challenges.
Impact 1.6 – Benefits to the society
• Boost citizens' awareness and engagement
• Open digital services to all, with high benefits for the citizens
• Improve the management of acute and chronic conditions
• Make data protection accessible and acceptable to citizens
• Pave the way for digital European citizenship
Impact 1.7 – Strengthen the competitiveness and growth of companies and create new market opportunities
The 3 European for-profit organisations involved in SOTERIA (IDnow, Scytl, IPCenter) will participate in the development of the innovative solution and will benefit from its exploitation.
Impact 1.8 – Improve innovation capacity
This project will strengthen expertise in the fields of security, privacy, biometric security, artificial intelligence, and document analysis as well as in disciplines such as social sciences and humanities, ethics, and law. The various partners of the project having complementary skills will share expertise, deepen, and diversify their research teams’ know-how, thereby boosting their innovation capacity.
• Provide a stronger identification scheme by verifying physical ID documents (large variety of security checks and documents covered), and biometric verification (fight against presentation attacks to ensure the ‘real’ presence of the identity document holder)
• Propose a universal identity provider, based on a two-factor authentication: the phone on which is stored the private key generated for the citizen, and a confidential code chosen by the citizen.
• eIDAS and GDPR compliant Digital Identity
• SOTERIA will offer the possibility to the citizen to manage his/her personal data
• SOTERIA will be built upon data protection, ethics, and cybersecurity methodologies
The following results are expected until the end of the project:
• A deep understanding of EU citizens’ needs and expectations regarding privacy, personal data protection, and security
• A single, secured, user-driven, user-centric, and user-friendly personal data management tool, tested with 2700 citizens on 3 use-cases: e-health, online voting, e-exam.
• A strong identity verification product, limiting the risk of identity theft
• Advanced security and privacy components to guarantee minimum data sharing, unlinkability, and secure storage of data on the SOTERIA platform
The following impacts are expected from the project:
Impact 1.1 – Citizens are better protected and become active players in the Digital Single Market
This will be achieved thanks to the following characteristics of SOTERIA: Secured storage under the control of the citizen, educational tool empowering the citizen, compliance with citizens' expectations
Impact 1.2 – Security, Privacy, and Personal data protection are strengthened as shared responsibility along all layers of the digital economy, including citizens
All types of stakeholders will be involved in SOTERIA, such as governments, service providers, citizens, etc.
Impact 1.3 – Reduced economic damage caused by harmful cyber-attacks and privacy incidents and data (including personal data) protection breaches: avoidance of personal data storage by the service provider, protection against identity theft, the number one issue related to data breaches
Impact 1.4 – Pave the way for a trustworthy EU Digital Environment benefiting all economic and social actors
Impact 1.5 – Tackle digital challenges highlighted by the COVID-19 crisis
While the cyber attackers did not make a truce during the pandemic situation, the objective of SOTERIA is to develop trust between citizens and service providers through the concrete implementation of 3 use-cases in connection with democratic, educational, and health challenges.
Impact 1.6 – Benefits to the society
• Boost citizens' awareness and engagement
• Open digital services to all, with high benefits for the citizens
• Improve the management of acute and chronic conditions
• Make data protection accessible and acceptable to citizens
• Pave the way for digital European citizenship
Impact 1.7 – Strengthen the competitiveness and growth of companies and create new market opportunities
The 3 European for-profit organisations involved in SOTERIA (IDnow, Scytl, IPCenter) will participate in the development of the innovative solution and will benefit from its exploitation.
Impact 1.8 – Improve innovation capacity
This project will strengthen expertise in the fields of security, privacy, biometric security, artificial intelligence, and document analysis as well as in disciplines such as social sciences and humanities, ethics, and law. The various partners of the project having complementary skills will share expertise, deepen, and diversify their research teams’ know-how, thereby boosting their innovation capacity.