Online Privacy Enforcement, Rights Assurance and Optimization

Periodic Reporting for period 1 - OPERANDO (Online Privacy Enforcement, Rights Assurance and Optimization)

Reporting period: 2015-05-01 to 2016-04-30

The goal of the OPERANDO project is to specify, implement, field-test, validate and exploit an innovative privacy enforcement framework that will enable the Privacy as a Service (PaS) business paradigm and create a broad market for online privacy services.
Online privacy is a pervasive European market need. Europe’s citizen privacy laws are world-leading. However, the evolving data protection and privacy frameworks are yet to be implemented in a transparent and user-friendly way, enabling users to understand and control how their personal data are used and to partake in monetization of their economic value. Currently, users have no control over the personal data they have disclosed to service providers, and cannot verify that the data are not passed on to third parties. Lack of visible privacy protection limits the willingness of users to use online services. Moreover, the economic value of personal data is neither adequately understood nor taken advantage of by users, while providers of online services monetize it and enjoy its full benefits.
The OPERANDO project will develop a platform that will be used by independent Privacy Service Providers (PSPs) to provide comprehensive user privacy enforcement in the form of a dedicated online service, called “Privacy Authority”. The OPERANDO platform will support flexible and viable business models, including targeting of individual market segments such as public administrations, social networks and Internet of Things.
OPERANDO aims to contribute to the entire ecosystem of online privacy stakeholders: Users, PSPs, Online Service Providers (OSP) and their technology suppliers, and Regulators. Federation of specialized Privacy Authorities will be supported to increase the range of the services and their uptake. The OPERANDO platform will be positioned for endorsement by European governments and standardization bodies. To increase the transparency of the privacy services and dissemination of results, OPERANDO outcomes will be implemented as Open Source, and will be made available to the community for further evolution and value-adding beyond the scope of the project.
The objectives of the project can be summarised as follows:
O1 - Enable user-friendly privacy enforcement
Provide users with easy-to-use tools and interfaces for granular control over access and use of their personal data, as well as the ability to trade the value of the personal data for economic benefits.
O2 - Implement Privacy-by-Design
Enable existing and new online services to comply with Privacy-by-Design legislation and principles. Create the technology for semantic input and enforcement of existing and future European privacy laws, along with best practices and user privacy preferences, including privacy protection in cross-border services.
O3 - Create viable business and trust models
Provide built-in support for a range of Privacy Service Provider business models and profitability strategies, along with strong value for Online Service Providers, while keeping the service free for users. Create strong trust models easily understood and accepted by users.
O4 - Demonstrate and validate the solution
Implement, test and validate the solution through use by multiple real Online Service Providers representing different market segments.
O5 - Ensure that OPERANDO framework is sustainable
Identify, document and initiate a joint exploitation strategy between OPERANDO partners, building on project demonstrations and endorsements and their dissemination, and other mechanisms such as Open Source release where appropriate. Gain endorsement of the solution by data protection authorities and consumer organizations, and position it for endorsement by governments.
The first year of OPERANDO has seen the project progress through the communication, definition, and development of the first prototype milestones. The methodology of the project is iterative, producing working software every six months to test with users. Therefore, this progress in the first year builds the foundation for the remaining work on the project, where subsequent releases of the software will be developed and tested, leading to the creation of a valuable product.
The communication package milestone saw the consortium work on producing processes and guidelines, including a communication and dissemination plan and effective project management processes. Following this, the definition milestone of the project was completed where many vital activities for the first year took place. This included the creation of the product requirements and marketing requirements documents for the project. These resulted from user requirements gathering with members of the User Advisory Board, and inclusion of legal and ethical aspects. Based upon this knowledge, the product architecture was specified, as well as the specifications for the individual components of this whole.
The final months in year one focused on the development and delivery of the first prototype of the software. This was delivered in M12 (month 12), where the stub implementations of functionality and interfaces between components were developed. This prototype provides the groundwork for the minimum viable product in M18, where the basic functionality of the software will be delivered, allowing initial user testing to begin across three sites in the UK and Italy.
In addition to releasing the first prototype of the platform, research into privacy methods has resulted in six scientific publications in prestigious venues which extend the current state of the art in security and privacy; an Android application for improving the privacy of mobile users; and a framework for the privacy of mobile users. Also, wireframes of the user interface have been developed to show the user journeys and interactions with the platform for B2C (Business to Consumer) and G2C (Government to Consumer) Online Service Providers (OSPs) and end-users. These wireframes will be used to gather feedback, but also to gain interest in the project and its main concepts. The main audience for this work is the existing customer bases and networks.
During these first phases, the planning for the testing and validation sites has been started and refined, including research protocols, ethical approvals, approval to collect personal data and testing requirements. In addition, the ethics management board has been set up to oversee ethical issues and give advice from experts who are internal and external to the project.
The consortium has been active regarding the dissemination of the project results: two journal articles, five conference papers and four events were attended in the first year, for example participation in the DPSP (Data Protection, Security and Privacy in cloud) cluster at NetFutures 2016. This cluster of projects is analysing the challenges on data protection, security and privacy in the cloud, in order to define the next work programme 2018 – 2020. Furthermore, the whitepaper resulting from this cluster will be used by the European Commission for the definition of several regulations from the technological point of view.
In addition to these activities, the Marketing Advisory Board and User Advisory Board Workshops were held to engage end users, consumer organisations and OSPs. The project also has an active website, with over two and a half thousand visits in the first year. The project Twitter account is also active, providing the daily diary for the consortium, as well as articles and news for those interested in data privacy and security.
The exploitation of the project results is another area which has been a focus for the consortium in the first year of the project. Succ
OPERANDO will advance beyond the state of the art in these main areas: legal compliance, automated policy analysis and management, enabling privacy of cloud-stored data and data anonymisation methods.
OPERANDO advances the state of the art by translating privacy and data protection into technical concepts, which the Commission considers “extremely difficult” (COM(2012) 417 p. 11), ensuring that PSPs can demonstrate the actual application of the Privacy-by-Design (PbD) method to Data Protection Authorities, as follows: PSPs follow a normative methodology taking account of ethical values, legal principles and privacy goals; Consumers and PSPs (Privacy Service Provider) have the flexibility to set design options appropriate for their individual case (full functionality); and PSPs can consider other crosscutting criteria such as IT security, usability, etc. to better integrate the PbD method into the overall product lifecycle.
In the first year of the project, the Privacy-by-Design method has been described in terms of the legal principles and design goals, including pseudo-identifiers, anonymisation, decentralised system and raw data deletion. These goals define a comprehensive approach for online privacy services in response to the general EU legal requirement of privacy by design. All design goals are based on work on legal guidelines for the project. In order to implement the privacy goal of pseudo-identifiers, we have identified and researched the methods and algorithms for OPERANDO, which will be applied within the Anonymisation Engine, Big Data Analytics and Privacy for Benefit modules of the platform.
Future work of OPERANDO will focus on specifying the privacy design goals in a set of properties of the OPERANDO architecture and modules to finalise the translation of the ethical and legal concepts into the overall OPERANDO implementation.
The concepts defined and described in project deliverables so far, and their implementation, enable two significant benefits for project impact. First, on the basis of what we have outlined, OPERANDO will make a proposal to the standards bodies working on the standardisation of “Privacy by Design” such as the activities in the framework of the European Commission Standardisation Request M/530 on privacy by design for the security industry. In addition, the pseudo-identifier system will allow flexibility in support of OSPs (Online Service Provider) and PSPs whilst respecting and optimising the legal safeguards and ethical values of end users. In this way, we aim to support the marketing of OPERANDO as one of the first products that will meet the future standard. Thus, the implementation of these features will achieve the expected impact to implement Privacy-by-Design architectures.
In addition to work on legal compliance, OPERANDO will advance beyond the state of the art in automated policy analysis and management. OPERANDO will combine different sources of privacy policies, user preferences, OSP incentives and privacy laws, in order to come up with an authorization decision whether an access to the user data should be granted to an OSP. OPERANDO will address this by integrating SAM (SERSCIS Access Modeller) functionality as a service, allowing run-time computation of policy implications, e.g. if an OSP composes services dynamically from more primitive elements (e.g. for data storage and access, or data transcription or analytics). This will be used to decide at run-time whether it is safe (for a given user) to delegate or allow access rights to a particular service.
The first prototype of the platform allows access to certain authorised users for specific fields of data for an individual. This follows the release plan for the Policy Computation (PC) module, where the first release in M12 contains the stub implementation of basic interfaces with other components. The MVP release (Minimum Viable Product) will see the implementation of the ability to compute a user privacy policy,
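As an added illustration of the authorisation decision described above (not OPERANDO's or SAM's own code), the following Python combines constructed user preferences, a stand-in legal constraint, and a run-time delegation chain into a per-field grant/deny decision; the data model (fields, purposes, delegates) is an assumption.

```python
"""Illustrative field-level authorisation decision in the spirit of the Policy
Computation module described above. Added example, not OPERANDO or SAM code:
the data model (fields, purposes, delegation chain) is an assumption."""
from dataclasses import dataclass

# Constructed user preferences: field -> service -> purposes it may use the field for.
USER_PREFS = {
    "email": {"shop.example": {"billing", "delivery"}, "courier.example": {"delivery"}},
    "location": {"maps.example": {"navigation"}},
    "health": {"clinic.example": {"treatment"}, "lab.example": {"treatment"}},
}

# Constructed stand-in for a law-derived constraint: special-category data may be
# used by the service the user consented to, but never passed to a composed
# downstream service, whatever the user preference says.
SPECIAL_CATEGORIES = {"health"}


@dataclass(frozen=True)
class Request:
    osp: str                 # the Online Service Provider asking for access
    fields: tuple            # data fields requested
    purpose: str             # declared purpose of use
    delegates: tuple = ()    # downstream services the OSP composes at run time


def permitted(field_name: str, service: str, purpose: str) -> bool:
    """True if the user allowed this service to use the field for this purpose."""
    return purpose in USER_PREFS.get(field_name, {}).get(service, set())


def decide(req: Request) -> dict:
    """Per-field decision: grant only if the OSP and every delegate are permitted
    for the declared purpose, and no legal rule forbids the delegation."""
    decision = {}
    for f in req.fields:
        chain = (req.osp,) + tuple(req.delegates)
        ok = all(permitted(f, svc, req.purpose) for svc in chain)
        if f in SPECIAL_CATEGORIES and req.delegates:
            ok = False  # legal rule overrides preferences: no delegation of special data
        decision[f] = "grant" if ok else "deny"
    return decision
```

The delegation check is what makes a dynamically composed service safe to authorise: every service in the chain must be individually permitted, and the legal rule can still deny even when the user preference would allow.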