BB26.G Privacy labels (A-F)
|Title||Privacy labels (A-F)|
|Page Title||BB26.G Privacy labels (A-F)|
|Technology Line||Reference Architecture/Implementation|
|Contributors||UiO, Smart Innovation Norway|
|Related to Use Cases|| SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, |
|Description|| In order to allow authorities or standardization and authorization bodies to evaluate a product with respect to privacy aspects, before attaching a Privacy Label, we need to provide both a methodology and suggest tools to be used in the assessment. Moreover, we need to study closely how the Privacy labels should “look and feel” to the end customers. For this we wil apply interaction design techniques, including surveys and other user analysis techniques.
The work has to focus on several aspects:
should the Privacy Label contain and how this information is perceived by the end customer. This work is essential for the end- user adoption.
|Main output|| Methodology for privacy evaluation and standardisation to be used in assessing products.
The methodology will be tested and developed together with the Use Cases of SCOTT. Scales and recommendations for Privacy Labeling ranges for different sectors that SCOTT has use Cases in. Recommendations for how to achieve the standard required by each specific label for a specific domain. These recommendations would be tested together with the Industry partners in the respective use Cases to assess their feasibility.
|BB category||Methodology (for SW/HW development), Profile, Standard, Means for establishing cross-domain interoperability, Process, Other|
|Baseline||We would like to introduce privacy labels for applications and components, similar to the energy labels (A++, A+, A, B,...F), see IoTSec:Privacy_Label. Customers in Europe have an understanding of these labels for white goods, and thus we should use a similar technology to introduce "privacy" labeling. E.g. You would like to buy yourself a sports device (Fitbit, Google watch,...) or application (Endomondo, Strava,...). A potential difference between the tools might be expressed through the privacy label, e.g. a Polar device having an A-privacy, while a Garmin device having a B-privacy. - Our analysis can then show the relation between application goals and system capabilities (configuration of components) to achieve the required privacy level.|
|Current TRL||TRL 1-2 for the ideas of Privacy Labels|
|Target TRL||TRL 6|
- Related activities have been started in BB26.F Measurable
- Please add your activities
- Please add your practical suggestions
- WPs of interest
- WP11 mentions Privacy Labels.
It is also interesting for applying Privacy Labels because it works with complex systems that manipulate data of various kinds. Fine-grained access control is also applicable, like our 5th step in S-ABAC "Query-based AC", which can also be good to achieve better privacy.
- WP7 can be a core WP for Privacy Labels BB
- WP21 is also good for applying Privacy Labels
From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slide 19-24). https://projects.avl.com/16/0094/WP26/Documents/02_Meetings%20and%20WebEx/20170703_SCOTT_Presentation_WP26.pptx?Web=1
The official and complete instructions can be found in the following presentation from SP1 requirements management. https://projects.avl.com/16/0094/WP01/Documents/03_Deliverables/SCOTT%20REQM%20Approach_Guidance_June2017.pptx?Web=1