General Approach

Despite apparently strong legal protection, at least in Europe, many citizens feel that information technology has invaded so many aspects of their daily lives that they no longer have suitable guarantees or any control about their privacy. Indeed, protecting the privacy of individuals is difficult to achieve in an ubiquitous world where individuals leave digital traces of their actions, often without even knowing it.
The goal of CAPPRIS is to tackle these challenges and provide solutions to enhance the privacy protection in the information society. To this aim, we believe that the following key issues need to be addressed.

The identification of existing and future threats to privacy

One of the most worrying threats today is the possibility of knowledge inference (e.g. for profiling) and de-anonymisation of ever growing volumes of data. Addressing this issue is especially challenging considering the conflicting need to share data in social applications such as Twitter or Facebook. Many other threats are already identified (such as collection of excessive amounts of personal data by smartphone applications, or the trend to trade more or less deliberately personal data in return for service personalisation), most of them stemming from a combination of technical features and social behaviours, and others will unavoidably arise in the future (for example with the deployment of cloud computing and pervasive computing).

The definition of the fundamental principles underlying privacy by design and methods to apply them in concrete situations

Privacy by design is the integration of the privacy issues as early as the design phase of a system or application. To become a reality however, its principles must be well defined and supported by methodologies and tools. Among these tools, more emphasis should be put on transparency, in order to provide ways for individuals to understand how their personal data (and, ideally, any data that can be used in a processing with potential effects on them) is collected, generated, managed, transferred, etc. These technologies, which are sometimes called « TETs » for « Transparency Enhancing Technologies » are becoming more and more necessary in a context where information flows are growing dramatically and the data mining and inference techniques become more and more powerful.

The definition of appropriate measures to assess and quantify privacy

Defining realistic and formally grounded measures of privacy, adapted and appropriate for specific contexts, is a challenging task but also a prerequisite both for evaluating the risks and for assessing potential solutions. For instance, being able to quantify privacy with respect to a particular geolocated application is a fundamental issue as it can be used to measure the privacy gained by using protection mechanisms (such as sanitization algorithms). Several proposals have been made recently to define relevant privacy metrics for geolocated data but the problem remains open as of today. In particular, taking into account unlinkability in the privacy metric seems to be particularly crucial in this context to prevent an adversary from linking the movements of an individual during some period, and then building a complete profile of his behaviour when combined with other inference attacks.

The integration of the social and legal dimensions

Privacy is by essence a social value protected by legal instruments and one cannot expect that technical tools can provide any effective solution to the complex issues raised by privacy without proper integration of the social and legal dimensions. One of the objectives of CAPPRIS is to favour a true interdisciplinary research through the integration of participants from social and legal sciences in the core of the partnership, with participation in all the Work Packages of the project.