Revision as of 13:42, 5 March 2018

BB26.G

Title	Privacy labels (A-F)
Page Title	BB26.G Privacy labels (A-F)
Technology Line	Reference Architecture/Implementation
Lead partner	UiO
Leader	Christian Johansen
Contributors	UiO, Smart Innovation Norway
Related to Use Cases	SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, ~~SCOTT:WP14~~"<s>SCOTT:WP14</s>" cannot be used as a page name in this wiki., SCOTT:WP21, ~~SCOTT:WP12~~"<s>SCOTT:WP12</s>" cannot be used as a page name in this wiki.
Description	In order to allow authorities or standardization and authorization bodies to evaluate a product with respect to privacy aspects, before attaching a Privacy Label, we need to provide both a methodology and suggest tools to be used in the assessment. Moreover, we need to study closely how the Privacy labels should “look and feel” to the end customers. For this we wil apply interaction design techniques, including surveys and other user analysis techniques. The work has to focus on several aspects: Privacy Label content which will study what kind of information should the Privacy Label contain and how this information is perceived by the end customer. This work is essential for the end- user adoption. Privacy evaluation tools are essential in order for a standardization company/authority to be able to evaluate the respective IoT product. Tools that will be investigated in this BB include, complex verification tools, but also simple testing tools and techniques. Methodology will be designed and prepared for demonstration and application inside the various Use Cases of SCOTT where this BB is applicable. The methodology is something that certification bodies are used with. This includes thorough documentation (and specific to us we will investigate what kind of documentation is needed for Privacy aspects) as well as testing results (for Privacy such testings are not immediately available, and they will have to be investigated part of this BB).
Main output	Methodology for privacy evaluation and standardisation to be used in assessing products. The methodology will be tested and developed together with the Use Cases of SCOTT. Scales and recommendations for Privacy Labeling ranges for different sectors that SCOTT has use Cases in. Recommendations for how to achieve the standard required by each specific label for a specific domain. These recommendations would be tested together with the Industry partners in the respective use Cases to assess their feasibility.
BB category	Methodology (for SW/HW development), Profile, Standard, Means for establishing cross-domain interoperability, Process, Other
Baseline	We would like to introduce privacy labels for applications and components, similar to the energy labels (A++, A+, A, B,...F), see IoTSec:Privacy_Label. Customers in Europe have an understanding of these labels for white goods, and thus we should use a similar technology to introduce "privacy" labeling. E.g. You would like to buy yourself a sports device (Fitbit, Google watch,...) or application (Endomondo, Strava,...). A potential difference between the tools might be expressed through the privacy label, e.g. a Polar device having an A-privacy, while a Garmin device having a B-privacy. - Our analysis can then show the relation between application goals and system capabilities (configuration of components) to achieve the required privacy level.
Current TRL	TRL 1-2 for the ideas of Privacy Labels
Target TRL	TRL 6

Overview

Activities

Related activities include those started in BB26.F Measurable on Multi-Metrics and Measurable aspects of Privacy
Privacy evaluation of the TellU Diabetics app demonstrator from WP21 is planned and under way, with deadline in Spring 2019.

Activities chart
Title	Status	Responsible	Deadlines
Privacy evaluation of the TellU Diabetics app demonstrator from WP21.	Planned and Initial MSc discussions	Simen Dagfinrud and Christian Johansen	tentative final in Spring 2019
User presentation of Privacy Label.	Planned	Christian Johansen	start in Summer 2018
User Studies.	Planned	Christian Johansen and others (Heidi, ++)	start in Autumn 2018

Division of Work and Research Directions

Planned Outcomes

The work in the Privacy Labelling aims to provide the following tangible results.

Privacy Labelling for Decision Makers

The purpose is to have a lightweight version useful for persons that make decisions where privacy aspects are involved. Examples of use:

Example of the CEO or Project manager, like from Statsbygg, that need to decide on whether to include many sensors in a Smart office building for monitoring the indoor air quality. What are the privacy implications of this? How should she take a decisions, based on what information?

This Result should give here the needed tools to help with the decision.

Before doing any expensive and time-consuming PL certification actions, a CEO or investor needs to have initial indications of Privacy Aspects regarding the new App or IoT device or technology that is planned.

This Result should enable economical and feasibility calculations of the privacy implications on the business development.

This work will be done in collaboration with Smart Innovation Norway.

Privacy Labelling for Technical privacy engineers

This is similar to any other certification methods, like for the SIL levels, for the ANSSI security classifications, etc.

Privacy Labelling for the Users

This is not present in classical standardisation methods, because those, like the goal above, are meant only for technical people, and have a very simple outcome like a number or a yes/no answer.

The main purpose of Privacy Labelling is to present the outcome of the privacy certification to Users. However, privacy is highly difficult to present, compared to classical aspects like the Energy Consumption labels where the range is the number of consumed KW/hour. Moreover, privacy is also highly personal, i.e., what for some person is highly private for another may not be, and thus does not impact her decisions. The goal is to study how to best present the various concepts involved in technically deciding a privacy label. This means that a User can understand first the privacy implications for some device/service/system that she wants to acquire, as well as how to compare with other similar products based on the privacy aspects. Examples of use:

An old lady wishes to buy some Smart Home Energy Management system, but she is concerned that all these new gadgets are too intrusive into her rather classical style of living. Even more so since several of her family members, or friends at the Bridge Club tell her about <<how the TV listens to what people talk in the house>>, or how <<medical persons watch over people taking a bath>>. She wants some simple indication given by some authority that she can trust (and she mostly trusts when government associations are involved) about how much this new system would expose her, so she can decide what to buy, restricted by here limited budget.
A young adult who likes to have various new electronic devices in interested in installing a new app on his phone for tracking his weekend hiking trips. He wants to know about how his location data is being used by the app provider so that he can make an informed decision regarding choosing the various different functionalities that the app promises against the privacy exposure that he would have to accept.

Privacy Labelling for certifying experts and certification bodies

These include minimal requirements, alignment with existing regulations like GDPR, adoption and relation to existing standards of relevance. Examples of use:

Sub-components

The work in the Privacy Labelling is divided into several sub-components, each trying to achieve one of the above goals.

PL4Decisions

This sub-components works towards the following measurable outcomes.

A simplified decision process from PL-CERT, with different domain-specific versions
Tools easy to use by decision making people, like questionnaires

PL-Methods

PL-UX

This sub-components works towards the following measurable outcomes.

Privacy Labelling color range and visual cues, including icons
Privacy Label user friendly explanations, i.e., details
Usability studies to evaluate the User response

PL-CERT

This sub-components works towards the following measurable outcomes.

A certification process with all decision points identified and methods for making and evaluation and decision at the respective point.
Clearly described relationships with existing standards
Method of aligning Privacy Labelling to existing regulations including GDPR and Norwegian National regulations from Datatilsynet

RoadMap

Deliverables and Documents

Practical Aspects

Implementations and User Testing

See the RoadMap

Demonstrations and Use Cases

In WP7 in an initial preliminary phase at M14
In WP21 in a more concrete phase at M24

SCOTT status

From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slide 19-24). https://projects.avl.com/16/0094/WP26/Documents/02_Meetings%20and%20WebEx/20170703_SCOTT_Presentation_WP26.pptx?Web=1

The official and complete instructions can be found in the following presentation from SP1 requirements management. https://projects.avl.com/16/0094/WP01/Documents/03_Deliverables/SCOTT%20REQM%20Approach_Guidance_June2017.pptx?Web=1

Search

Main

Applied Research for

List of

Forms (create or edit)

Help

Difference between revisions of "SCOTT:BB26.G"

From its-wiki.no

Revision as of 13:42, 5 March 2018

Overview

Contents

Activities

Division of Work and Research Directions

Planned Outcomes

Privacy Labelling for Decision Makers

Privacy Labelling for Technical privacy engineers

Privacy Labelling for the Users

Privacy Labelling for certifying experts and certification bodies

Sub-components

PL4Decisions

PL-Methods

PL-UX

PL-CERT

RoadMap

Deliverables and Documents

Practical Aspects

Implementations and User Testing

Demonstrations and Use Cases

SCOTT status

Tools