Four Joint Research Actions have been launched on geolocation privacy, on privacy in the context of smartphones, on privacy risk analysis and on the notion of control over personal data.These Joint Tasks are the priority themes for collaborative work between the members of CAPPRIS. These topics have been selected because they are of upmost significance for a better privacy protection in our modern world and also because the diversity of expertise available in the project will be a key asset to address them.
The availability of a variety of devices equipped with geolocation facilities makes it possible to collect large amounts of mobility traces. These traces can be used to deliver useful services, both in social and economic terms, but they can also represent huge privacy risks because they can be exploited to infer a lot of personal information, including sensitive data. In this Joint Research Action, we consider techniques that can be used to de-anonymize geolocated data, to anonymize them in a robust way and to assess the protection using well-defined privacy metrics.
Privacy and smartphones
Mobile phones have become ubiquitous and are part of our daily lives. However these devices handle a lot of private data such as emails, pictures, sms, address books, calendars, location data, etc. In addition, no strong privacy requirements has been applied to the design of the operating systems or the applications running on these devices. As a result, they have become a serious threat to users’ privacy. This Joint Research Action includes two complementary efforts : the identification of existing privacy threats due to the use of smartphones and the study of solutions to improve privacy while keeping the benefits of the use of these devices.
Privacy risk analysis
The draft European General Data Protection Regulation puts emphasis on data protection impact assessment. However much progress has still to be made on privacy risk analysis, which should be a key component of a data protection impact assessment (or Privacy Impact Assessment – PIA). The goal of this Joint Research Action is to define a rigorous risk analysis method including precise definitions of the methodology, the assumptions about the context (auxiliary information, types of attackers and motivation, etc.) and the potential consequences of an attack for all stakeholders. Another challenge is to ensure that these parameters and the result of the analysis itself can be conveyed to the decision makers (and other stakeholders) in a clear and non ambiguous way.
CAPPRIS contributions on privacy risk analysis also include a wide variety of experimental results illustrating privacy risks in specific situations (WiFi tracking, de-anonymization attacks, web browsers, etc.).
Control over personal data
The fact that an individual must provide his informed consent before his personal data may be collected (unless otherwise authorized by law) is the cornerstone of most data protection regulations. As such, consent may look as a strong protection for the subject but its central role is becoming more and more challenged both on the grounds of principles, questioning the legitimacy of consent in certain situations, and lack of effectiveness at the area of internet and ubiquitous computing.
Starting from the above observations, the first objective of this Joint Research Action is to analyse the (legal, social and technical) limitations of consent and put forward (legal, social and technical) proposals for a revisited notion of consent which can both serve privacy in a general sense (including its collective value) and be implemented effectively.
The second objective is to revisit the notion of control over personal data in a more general way, to challenge its premises and make proposals for a renewed (and more effective) interpretation of the concept.
Last but not least, the third objective is to propose new architectures to improve control over personal data. We have defined a solution based on the PlugDB technology. The main idea of PlugDB is to embed in secure hardware (e.g., smart cards with large storage capacity) software components capable of acquiring, storing and managing various forms of personal data (e.g., payment slips, bills, bank statements, medical data, geolocation traces, etc.) depending on the target applications. More generally, we have proposed the vision of trusted cells: personal data servers running on secure smart phones, set-top boxes, secure portable tokens or smart cards to form a global, decentralized data platform that provides security yet enables innovative applications.