Difference between revisions of "IoTSec:Privacy Label"
From its-wiki.no
Josef.Noll (Talk | contribs) |
Josef.Noll (Talk | contribs) |
||
Line 6: | Line 6: | ||
Privacy labels for applications (Apps), Things and Services similar to the energy labels (A++, A+, A, B,...F) will lead a better understanding of the value of privacy, and will allow for a market introduction of privacy-aware services. Customers in Europe have an understanding of these labels for white goods, and thus will appreciate similar labelling for privacy. | Privacy labels for applications (Apps), Things and Services similar to the energy labels (A++, A+, A, B,...F) will lead a better understanding of the value of privacy, and will allow for a market introduction of privacy-aware services. Customers in Europe have an understanding of these labels for white goods, and thus will appreciate similar labelling for privacy. | ||
− | + | We have joined forces with Consumer Services ("Forbrukerrådet") in Norway to establish the guidelines for the ‘privacy labelling’ (A++, A+, A, B …F). Ongoing work analyses the use of data, and establishes a machine-readable (semantic) framework for the calculation of the labels. | |
− | + | ||
== Background == | == Background == | ||
[[File:Appfail.png|200px|right|Appfail report from the Norwegian Consumer Services]] | [[File:Appfail.png|200px|right|Appfail report from the Norwegian Consumer Services]] | ||
− | The Consumer Services of Norway (Forbrukerrådet) have established a report on privacy in Apps "App-Fail". In there they have found breach of privacy by apps. They identified a lack of "understandable privacy" as the main challenge. | + | The Consumer Services of Norway (Forbrukerrådet) have established a report on privacy in Apps "App-Fail". In there they have found breach of privacy by apps. They identified a lack of "understandable privacy" as the main challenge, reason being that privacy rules are often written by lawyers, to be used in court cases. Some apps use as much as 250.000 words for their description of ''terms and conditions'', making an automatic analysis cumbersome. |
− | * analysis of privacy of home IoT devices | + | |
− | * starting from "privacy by design", and identifying input parameters for "privacy" | + | == Ongoing work== |
+ | The ongoing work focusses on more easily to understand technical measures, and is amongst other supported through an ongoing Master Thesis at the University of Oslo (UiO). The thesis | ||
+ | * performs an analysis of privacy of home IoT devices | ||
+ | * starting from "privacy by design", and identifying input parameters for "privacy". | ||
* Adopt the multi-metrics methodology for converting input parameters of privacy into measurable privacy | * Adopt the multi-metrics methodology for converting input parameters of privacy into measurable privacy | ||
− | * suggestion for privacy classes, following the European energy labelling | + | * Provides suggestion for privacy classes, following the European energy labelling |
* provide at least two usage scenarios of devices/applications, e.g. sporting device ("speedometer") or child doll | * provide at least two usage scenarios of devices/applications, e.g. sporting device ("speedometer") or child doll | ||
* criteria and evaluation of privacy labels | * criteria and evaluation of privacy labels | ||
− | + | [[Linn Eirin Paulsen]] is performing the thesis entitled [[Privacy_labels_for_IoT_consumer_products]] to get the rules for privacy classes in place. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | [[Linn Eirin Paulsen]] is | + | |
[[File:Privacy_Methodology.jpg|500px]] | [[File:Privacy_Methodology.jpg|500px]] | ||
− | A | + | = Privacy tomorrow = |
+ | The suggested 'privacy labels' will come with short labels explaining, e.g. | ||
+ | :A++: sharing with no others, kept on device | ||
+ | :A+: sharing only with your mobile phone or other personal devices, or a configurable list of people | ||
+ | :A: | ||
+ | :B: | ||
+ | :C: ... | ||
+ | :D:... | ||
+ | |||
+ | If you want to join, please spread the word, and contact [[Linn Eirin Paulsen]] or any member of the [[IoTSec:About|IoTSec project team]] |
Revision as of 11:42, 2 November 2016
Security in IoT for Smart Grids | |||||||
---|---|---|---|---|---|---|---|
|
Contents
Towards Measurable Privacy - Privacy Labelling
Objective
This page provides background for the need for a Privacy Label for Apps, Things and Services. The use of energy labels has successfully (i) enhanced the understanding of energy consumption of white goods like washing machines, freezers and others, (ii) promoted the extra costs of energy-effective white goods, and (iii) reduced the energy consumption from white goods.
Privacy labels for applications (Apps), Things and Services similar to the energy labels (A++, A+, A, B,...F) will lead a better understanding of the value of privacy, and will allow for a market introduction of privacy-aware services. Customers in Europe have an understanding of these labels for white goods, and thus will appreciate similar labelling for privacy.
We have joined forces with Consumer Services ("Forbrukerrådet") in Norway to establish the guidelines for the ‘privacy labelling’ (A++, A+, A, B …F). Ongoing work analyses the use of data, and establishes a machine-readable (semantic) framework for the calculation of the labels.
Background
The Consumer Services of Norway (Forbrukerrådet) have established a report on privacy in Apps "App-Fail". In there they have found breach of privacy by apps. They identified a lack of "understandable privacy" as the main challenge, reason being that privacy rules are often written by lawyers, to be used in court cases. Some apps use as much as 250.000 words for their description of terms and conditions, making an automatic analysis cumbersome.
Ongoing work
The ongoing work focusses on more easily to understand technical measures, and is amongst other supported through an ongoing Master Thesis at the University of Oslo (UiO). The thesis
- performs an analysis of privacy of home IoT devices
- starting from "privacy by design", and identifying input parameters for "privacy".
- Adopt the multi-metrics methodology for converting input parameters of privacy into measurable privacy
- Provides suggestion for privacy classes, following the European energy labelling
- provide at least two usage scenarios of devices/applications, e.g. sporting device ("speedometer") or child doll
- criteria and evaluation of privacy labels
Linn Eirin Paulsen is performing the thesis entitled Privacy_labels_for_IoT_consumer_products to get the rules for privacy classes in place.
Privacy tomorrow
The suggested 'privacy labels' will come with short labels explaining, e.g.
- A++: sharing with no others, kept on device
- A+: sharing only with your mobile phone or other personal devices, or a configurable list of people
- A:
- B:
- C: ...
- D:...
If you want to join, please spread the word, and contact Linn Eirin Paulsen or any member of the IoTSec project team