BB26.G Privacy labels (A-F)


Jump to: navigation, search
Title Privacy labels (A-F)
Page Title BB26.G Privacy labels (A-F)
Technology Line Reference Architecture/Implementation
Lead partner UiO
Leader Christian Johansen
Contributors UiO, Smart Innovation Norway
Related to Use Cases SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, SCOTT:WP14"<s>SCOTT:WP14</s>" cannot be used as a page name in this wiki.
Description In order to allow authorities or standardization and authorization bodies to evaluate a product with respect to privacy aspects, before attaching a Privacy Label, we need to provide both a methodology and suggest tools to be used in the assessment. Moreover, we need to study closely how the Privacy labels should “look and feel” to the end customers. For this we wil apply interaction design techniques, including surveys and other user analysis techniques.

The work has to focus on several aspects:

  • Privacy Label content which will study what kind of information

should the Privacy Label contain and how this information is perceived by the end customer. This work is essential for the end- user adoption.

  • Privacy evaluation tools are essential in order for a standardization company/authority to be able to evaluate the respective IoT product. Tools that will be investigated in this BB include, complex verification tools, but also simple testing tools and techniques.
  • Methodology will be designed and prepared for demonstration and application inside the various Use Cases of SCOTT where this BB is applicable. The methodology is something that certification bodies are used with. This includes thorough documentation (and specific to us we will investigate what kind of documentation is needed for Privacy aspects) as well as testing results (for Privacy such testings are not immediately available, and they will have to be investigated part of this BB).
Main output Methodology for privacy evaluation and standardisation to be used in assessing products.

The methodology will be tested and developed together with the Use Cases of SCOTT. Scales and recommendations for Privacy Labeling ranges for different sectors that SCOTT has use Cases in. Recommendations for how to achieve the standard required by each specific label for a specific domain. These recommendations would be tested together with the Industry partners in the respective use Cases to assess their feasibility.

BB category Methodology (for SW/HW development), Profile, Standard, Means for establishing cross-domain interoperability, Process, Other
Baseline We would like to introduce privacy labels for applications and components, similar to the energy labels (A++, A+, A, B,...F), see IoTSec:Privacy_Label. Customers in Europe have an understanding of these labels for white goods, and thus we should use a similar technology to introduce "privacy" labeling. E.g. You would like to buy yourself a sports device (Fitbit, Google watch,...) or application (Endomondo, Strava,...). A potential difference between the tools might be expressed through the privacy label, e.g. a Polar device having an A-privacy, while a Garmin device having a B-privacy. - Our analysis can then show the relation between application goals and system capabilities (configuration of components) to achieve the required privacy level.
Current TRL TRL 1-2 for the ideas of Privacy Labels
Target TRL TRL 6


  • Please add your activities

Practical suggestions

  • Please add your practical suggestions
  • WPs of interest
    • WP11 mentions Privacy Labels.

It is also interesting for applying Privacy Labels because it works with complex systems that manipulate data of various kinds. Fine-grained access control is also applicable, like our 5th step in S-ABAC "Query-based AC", which can also be good to achieve better privacy.

    • WP7 can be a core WP for Privacy Labels BB
    • WP21 is also good for applying Privacy Labels

SCOTT status

From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slide 19-24).

The official and complete instructions can be found in the following presentation from SP1 requirements management.