Visual Privacy Management in User Centric Open Environments

Nowadays privacy-aware approaches are crucial to improve citizens’ awareness, trust and acceptance of PAs’ online services, to design them taking privacy into account.
Such approaches require a change in the way privacy is managed, from a passive to a proactive manner, incorporating privacy analysis from the start (Privacy by Design). However, privacy management is not always adequately considered in PAs’ online services. Privacy statements, setting out the privacy rights of the citizens regarding the collection, use, storage, sharing and protection of personal information, are often difficult for citizens to fully understand, thus discouraging them from using PAs’ online services.
VisiOn aims to deliver a Visual Privacy Platform (VPP) that, on one hand, empowers citizens to specify and monitor desired levels of privacy and, on the other hand, equips PAs with the right tools to improve citizens’ transparency and trust in their actions. The former is achieved by providing citizens the means to create and monitor a personal Privacy Level Agreement (PLA) and by enabling them to visualize their privacy preferences, relevant threats and trust issues. The latter is achieved by enabling PAs to:
- analyse, visualise and develop a PLA, which can be shared with citizens through the platform;
- analyse potential threats and vulnerabilities to their privacy needs and identify countermeasures to minimize them, while at the same time informing citizens about these;
- analyse trust relationships with third party providers and establish whether these relationships endanger transparency and accountability from a citizen’s perspective.
The VisiOn consortium extended existing software and methodologies, which partners have developed in previous projects, in order to implement the VPP software components.
The VisiOn platform has been tested in two different realistic scenario types. Type I covers situations where citizens share their data with a public authority or a local government. Type II represents scenarios where healthcare institutions from two different countries must exchange patient data to provide some required service.
The result has been very satisfying and covered the requirements PAs identified. This accomplishment is indeed a big achievement of the project as the nature of these organisations is very different in terms of goals, necessities and use of VisiOn. Existing tools have been enhanced in order to allow companies to check their compliance with the GDPR and to provide support for implementing the necessary changes in their systems. This will have a big impact in organisations as, that way, they will be able not only to provide privacy for the citizens but also use VisiOn for making their organisations fulfil the GDPR, showing citizens their data is protected through policies at organisation, country or European level.

Vision is structured in six work packages to achieve an efficient realisation of the project’s objectives. The following work has been conducted since the project started in July 2015:
WP1 – Project management
Sincethe project’s kick-off, the Consortium met face-to-face every three months and had periodic online meetings.
Some issues demanding an amendment of the GA have been raised, including a change among the partners. These were effectively managed through a continous cooperation process within the consortium and with the EC, regularly informed on the project's progress.
Specific procedures for the deliverables release have been established and several collaboration tools have been set up to ensure a smooth communication between partners.
WP2 – Requirements and Architecture
The main goals were the scenarios' definition for the pilots' execution, the elicitation of users' privacy needs and the design of the VPP architecture.
Actual scenario examples have been planned and modelled.
Through an iterative process involving citizens and PAs, the requirements for the VPP have been defined and then validated through many activities to ensure their correctness, unambiguity, completeness and consistency.
A Project Ethics Board has been set up and a policy document to guide the partners in the project activities has been approved.
WP3 - Privacy Software Components
The main goal was the development of the VPP components.
An initial mapping between the requirements and the tools’ functionalities was developed, together with a draft version of the PLA structure. It has also been defined how the platform creates the PLA and how it is managed.
Based on the use cases identified in WP2, a scenario has been created as a reference for components developers to demonstrate the functionalities.
WP4 VisiOn Privacy Platform
The main goal was to integrate the developed software components. The work has been carried out in close collaboration with WP3.
After further refining the architecture, the approach has been to have two different frameworks: web and desktop. The web one would be used both by citizens and PAs in order to visualise their data, create and answer questionnaires, obtain info about the value of their data, etc. The desktop one is focused on the modelling tools and allow PAs to do analysis of the security and privacy issues of their systems and use this information to create additional questions for the citizens. In order to allow interactions among the different VisiOn components and the front-end and to store data needed for the PLA, a common database has been created.
WP5 VisiOn Pilots
The main goal was the preparation and the execution of the three pilots by means of which the VPP has been tested and validated.
Pilots tasks, together with the evaluation questionnaires, have been planned since the early stages. To reach a complete integration within existing pilot systems, there has been a strong collaboration with WP3 and WP4 with a continous feedback process to enhance the VPP.
WP6 - Dissemination, Communication, Standardisation and Exploitation
The main goals were to develop the business and commercialisation plans around the VPP and disseminate the project results. Lastly, training activities for the platform users were also undertaken.
Through periodic meetings, commercialization activities and their progress have been monitored and enhanced through the set-up of a Commercialisation Team.
The future developments will include VPP commercialisation, setting-up of a no-profit entity, future evolution of the VPP to follow citizens’ and organisations’ needs.

VisiOn strives to make a difference through both enabling users set their privacy levels and PAs’ departments to analyse and design online services that take privacy into account throughout the development process and across different levels.
The project improves innovation capacity and the competitiveness of the industrial partners and enable them to increase their business opportunities and portfolio.
VisiOn provides a privacy platform that enables PAs to manage private data in an accountable and transparent way and provide citizens with the ability to control their privacy when they are obliged to share their personal data with PAs.
The VisiOn Business plan explored the market and identified the value proposition, the customer segments, the key resources needed and the relevant distribution channels.
Press releases, publications, project website, tweets and attendance in conferences and workshops ensured an effective communication of the project activities and results.