Difference between revisions of "SCOTT:BB26.G"
From its-wiki.no
Line 61: | Line 61: | ||
|Privacy evaluation of the TellU Diabetics app demonstrator from WP21. | |Privacy evaluation of the TellU Diabetics app demonstrator from WP21. | ||
|Planned and Initial MSc discussions | |Planned and Initial MSc discussions | ||
− | |Christian Johansen | + | |Simen Dagfinrud and Christian Johansen |
|tentative final in Spring 2019 | |tentative final in Spring 2019 | ||
+ | |- | ||
+ | |User presentation of Privacy Label. | ||
+ | |Planned | ||
+ | |Christian Johansen | ||
+ | |start in Summer 2018 | ||
+ | |- | ||
+ | |User Studies. | ||
+ | |Planned | ||
+ | |Christian Johansen and others (Heidi, ++) | ||
+ | |start in Autumn 2018 | ||
|- | |- | ||
|} | |} | ||
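Review bot: The added "User Studies." row gives the responsible as "Christian Johansen and others (Heidi, ++)", which does not identify who owns the activity; name the contributors in full, as the "Simen Dagfinrud and Christian Johansen" row does. The two new rows also record only a start ("start in Summer 2018", "start in Autumn 2018"), unlike the first row's "tentative final in Spring 2019", so add an expected end date to each.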
Line 68: | Line 78: | ||
=Division of Work and Research Directions= | =Division of Work and Research Directions= | ||
==Planned Outcomes== | ==Planned Outcomes== | ||
− | The work in the Privacy Labelling aims to provide the following tangible results | + | The work in the Privacy Labelling aims to provide the following tangible results. |
===Privacy Labelling for Decision Makers=== | ===Privacy Labelling for Decision Makers=== | ||
===Privacy Labelling for the Users=== | ===Privacy Labelling for the Users=== | ||
Line 74: | Line 84: | ||
===Privacy Labelling for certifying experts and certification bodies=== | ===Privacy Labelling for certifying experts and certification bodies=== | ||
These include minimal requirements, alignment with existing regulations like GDPR, addoptionand relation to existing standards of relevance | These include minimal requirements, alignment with existing regulations like GDPR, addoptionand relation to existing standards of relevance | ||
+ | |||
+ | ==Sub-components== | ||
+ | The work in the Privacy Labelling is divided into several sub-components, each trying to achieve one of the above goals. | ||
+ | ===PL4Decisions=== | ||
+ | ===PL-UX=== | ||
+ | ===PL-Methods=== | ||
+ | ===PL-CERT=== | ||
+ | |||
=RoadMap= | =RoadMap= |
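Review bot: The new "Sub-components" section says each sub-component tries to achieve one of the above goals, but the four headings (PL4Decisions, PL-UX, PL-Methods, PL-CERT) are added empty and nothing states which goal each one maps to; add a line under each heading naming the Planned Outcome it serves. The unchanged context line above the addition still reads "addoptionand" and has no closing full stop, which is worth fixing in the same revision.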
Revision as of 12:58, 5 March 2018
Title | Privacy labels (A-F) |
---|---|
Page Title | BB26.G Privacy labels (A-F) |
Technology Line | Reference Architecture/Implementation |
Lead partner | UiO |
Leader | Christian Johansen |
Contributors | UiO, Smart Innovation Norway |
Related to Use Cases | SCOTT:WP7, SCOTT:WP8, SCOTT:WP11 |
Description | In order to allow authorities or standardization and authorization bodies to evaluate a product with respect to privacy aspects, before attaching a Privacy Label, we need to provide both a methodology and suggest tools to be used in the assessment. Moreover, we need to study closely how the Privacy Labels should “look and feel” to the end customers. For this we will apply interaction design techniques, including surveys and other user analysis techniques.
The work has to focus on several aspects:
|
Main output | Methodology for privacy evaluation and standardisation to be used in assessing products.
The methodology will be tested and developed together with the Use Cases of SCOTT. Scales and recommendations for Privacy Labeling ranges for the different sectors in which SCOTT has Use Cases. Recommendations for how to achieve the standard required by each specific label for a specific domain. These recommendations would be tested together with the industry partners in the respective Use Cases to assess their feasibility. |
BB category | Methodology (for SW/HW development), Profile, Standard, Means for establishing cross-domain interoperability, Process, Other |
Baseline | We would like to introduce privacy labels for applications and components, similar to the energy labels (A++, A+, A, B,...F), see IoTSec:Privacy_Label. Customers in Europe have an understanding of these labels for white goods, and thus we should use a similar technology to introduce "privacy" labeling. For example, suppose you would like to buy a sports device (Fitbit, Google watch,...) or application (Endomondo, Strava,...). A potential difference between the tools might be expressed through the privacy label, e.g. a Polar device having an A-privacy, while a Garmin device having a B-privacy. Our analysis can then show the relation between application goals and system capabilities (configuration of components) to achieve the required privacy level. |
Current TRL | TRL 1-2 for the ideas of Privacy Labels |
Target TRL | TRL 6 |
Overview
- WPs of interest
- WP7 can be a core WP for Privacy Labels BB
- WP21 is also good for applying Privacy Labels
- WP11 mentions Privacy Labels.
- It is also interesting for applying Privacy Labels because it works with complex systems that manipulate data of various kinds. Fine-grained access control is also applicable, like our 5th step in S-ABAC "Query-based AC", which can also be good to achieve better privacy.
- We will not be involved in WP12 nor WP14
Core | Extended | Future | Cancelled |
---|---|---|---|
WP7 | WP21 | WP11 and WP8 | |
Activities
- Related activities include those started in BB26.F Measurable on Multi-Metrics and Measurable aspects of Privacy
- Privacy evaluation of the TellU Diabetics app demonstrator from WP21 is planned and under way, with deadline in Spring 2019.
Title | Status | Responsible | Deadlines |
---|---|---|---|
Privacy evaluation of the TellU Diabetics app demonstrator from WP21. | Planned and Initial MSc discussions | Simen Dagfinrud and Christian Johansen | tentative final in Spring 2019 |
User presentation of Privacy Label. | Planned | Christian Johansen | start in Summer 2018 |
User Studies. | Planned | Christian Johansen and others (Heidi, ++) | start in Autumn 2018 |
Division of Work and Research Directions
Planned Outcomes
The work in the Privacy Labelling aims to provide the following tangible results.
Privacy Labelling for Decision Makers
Privacy Labelling for the Users
Privacy Labelling for Technical privacy engineers
Privacy Labelling for certifying experts and certification bodies
These include minimal requirements, alignment with existing regulations like GDPR, adoption, and relation to existing standards of relevance.
Sub-components
The work in the Privacy Labelling is divided into several sub-components, each trying to achieve one of the above goals.
PL4Decisions
PL-UX
PL-Methods
PL-CERT
RoadMap
Deliverables and Documents
Practical Aspects
Implementations and User Testing
- See the RoadMap
Demonstrations and Use Cases
- In WP7 in an initial preliminary phase at M14
- In WP21 in a more concrete phase at M24
SCOTT status
From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slides 19-24). https://projects.avl.com/16/0094/WP26/Documents/02_Meetings%20and%20WebEx/20170703_SCOTT_Presentation_WP26.pptx?Web=1
The official and complete instructions can be found in the following presentation from SP1 requirements management.
https://projects.avl.com/16/0094/WP01/Documents/03_Deliverables/SCOTT%20REQM%20Approach_Guidance_June2017.pptx?Web=1