Periodic Reporting for period 2 - SOTERIA (uSer-friendly digiTal sEcured peRsonal data and prIvacy plAtform)
Reporting period: 2023-06-01 to 2024-09-30
• data must be repeatedly filled in for each e-service, which is time-consuming and lowers the rate of visits converted to sales for service providers.
• third-party access to citizens' data is generally not fully transparent, and citizens are uncertain who monitors, accesses, and modifies their personal data.
Since the establishment of the GDPR, Europeans' perception of the importance of protecting their personal data has changed. Still, this growing awareness is not yet accompanied by a massive change in behaviour.
SOTERIA aims to transform all citizens' behavior (regardless of their gender, age, or ICT skills) regarding privacy, personal data protection, and security. With SOTERIA, which is positioned as a first digital data wallet prototype, EU citizens become active actors in the landscape by having full control over their data.
SOTERIA has developed and tested in an operational environment, with the involvement of 5,430 citizens, a single, secured, user-driven, user-centric, and user-friendly personal data management tool. This 3-year transdisciplinary project uses stakeholders’ knowledge, from both SSH and technology angles, to develop an innovative solution.
In parallel with assessing citizens’ expectations regarding SOTERIA, technical developments for the platform have been initiated. Specifications have been defined, covering as many of the citizens' requirements and eIDAS regulation requirements as possible. A digital identity provider demonstrator has been developed. It relies on secure identity verification that integrates advanced security checks on the identity document and biometric verification. The architecture of the SOTERIA digital data wallet has been designed, including a digital data vault to protect data at rest, and the privacy tools needed to control the personal information shared with the service provider and to ensure that the SOTERIA solution achieves the necessary privacy properties.
Finally, the SOTERIA digital data wallet prototype has been developed. Relying on SOTERIA’s digital identity provider and data vault, it includes the possibility to store and share data with service providers in the form of Verifiable Credentials and Verifiable Presentations, following W3C standards. To maximize citizens' control over their data, the data required by each service provider is clearly listed upon each connection with a new provider, and the data is shared only after the citizen has given explicit consent. The citizen can revoke this consent at any moment.
The SOTERIA digital data wallet has been integrated with two service providers’ platforms, demonstrating two use cases: online voting and e-exam. The SOTERIA solution has been widely tested on e-exam and e-health use cases with more than 1200 citizens from Austria, Romania and Spain, across various scenarios. It mainly demonstrated the use of the SOTERIA digital data wallet to securely authenticate to online services, and the possibility to securely exchange data through SOTERIA (health information and e-exam certificates). Feedback from all pilot participants has been collected via surveys, and their answers analysed carefully. Overall, most participants have an increased feeling of privacy and security while using SOTERIA to perform online transactions compared to when using traditional means of authentication.
Activities have been performed to raise awareness among citizens on data privacy and security, including the development of an awareness e-training. Ethical and legal issues were closely monitored to ensure compliance of SOTERIA with fundamental ethics principles and relevant regulations.
The project’s partners are in close contact with European stakeholders involved in the definition of eIDAS 2.0, which will set out the basic framework for European wallets in the future. In the years following the project, SOTERIA results will be used as the basis for developing a fully eIDAS-compliant wallet, able to be exploited as one of the EUDI wallets made available by private providers.
• Provide a stronger identification scheme by verifying physical ID documents (large variety of documents covered), and biometric verification (fight against presentation attacks to ensure the ‘real’ presence of the identity document holder)
• Propose an identity provider based on two-factor authentication: the phone on which the private key generated for the citizen is stored, and a confidential code chosen by the citizen.
• eIDAS and GDPR compliant Digital Identity
• SOTERIA will offer citizens the possibility to manage their personal data
• SOTERIA will be built upon data protection, ethics, and cybersecurity methodologies
The following impacts are expected from the project:
Impact 1.1 – Citizens are better protected and become active players in the Digital Single Market
This will be achieved thanks to the following characteristics of SOTERIA: Secured storage under the control of the citizen, educational tool empowering the citizen, compliance with citizens' expectations
Impact 1.2 – Security, Privacy, and Personal data protection are strengthened as shared responsibility along all layers of the digital economy, including citizens
Impact 1.3 – Reduced economic damage caused by harmful cyber-attacks and privacy incidents and data (including personal data) protection breaches: avoidance of personal data storage by the service provider, protection against identity theft
Impact 1.4 – Pave the way for a trustworthy EU Digital Environment benefiting all economic and social actors
Impact 1.5 – Tackle digital challenges highlighted by the COVID-19 crisis
While cyber attackers did not call a truce during the pandemic, the objective of SOTERIA is to develop trust between citizens and service providers through the concrete implementation of 3 use-cases in connection with democratic, educational, and health challenges.
Impact 1.6 – Benefits to the society
• Boost citizens' awareness and engagement
• Open digital services to all, with high benefits for the citizens
• Make data protection accessible and acceptable to citizens
• Pave the way for digital European citizenship
Impact 1.7 – Strengthen the competitiveness and growth of companies and create new market opportunities
Impact 1.8 – Improve innovation capacity
This project will strengthen expertise in the fields of security, privacy, biometric security, artificial intelligence, and document analysis as well as in disciplines such as social sciences and humanities, ethics, and law. The project's partners, who have complementary skills, will share expertise and deepen and diversify their research teams’ know-how, thereby boosting their innovation capacity.