OPERANDO: Simplifying online Privacy
Leire Orue-Echevarria (TECNALIA)
Madrid, 29.11.2015
https://cybercamp.es
Agenda
• OPERANDO at a Glance
• Motivation
• Objective
• Concepts
• Stakeholders: Who will benefit from OPERANDO?
• OPERANDO Use Cases
• OPERANDO Architecture
• Next Steps
OPERANDO at a Glance
Project name: Online Privacy Enforcement, Rights Assurance and Optimization
Action type: Innovation Action
Duration: 36 months Start date: 1 May 2015
Total budget / Total EC funding: 4 455 811.25 euros / 3 746 037 euros
Project Consortium: 9 partners (1 Third party)
OPERANDO Motivation: Current Situation
• Escalating loss of online privacy
  • Consumer services: Facebook, Google, LinkedIn…
  • Consumers are targeted and stripped of their privacy
  • In most cases, consumers are defenseless
  • Reality outpaces regulations and privacy laws
• Government/public services struggle with privacy protection
  • Citizens' mistrust / public outcry
  • Inadvertent disclosures to other agencies
  • Hacking attacks
  • Stringent privacy-law compliance requirements
OPERANDO Motivation
Europe's citizen privacy laws are world-leading. However, …
• The evolving data protection and privacy frameworks are yet to be implemented in a transparent and friendly way
• Users should be able to take part in the monetization of the economic value of their data
• Users need to understand and control how their personal data are used
OPERANDO Objective
Specify, implement, field test, validate and exploit an innovative privacy enforcement framework that will enable the Privacy as a Service (PaS) business paradigm and create a broad market for online privacy services.
www.operando.eu
OPERANDO Concepts (1/2): Privacy classification
• Privacy classification based on two attributes: Sensitivity and Economic Value

Personal data type | Sensitivity | Economic Value
Medical            | Extreme     | High
Financial          | Very high   | Extreme
Government         | High        | High
Social networks    | Medium      | Very high
Mobile device      | Extreme     | Very high
P2P networks       | Low         | Low
OPERANDO Concepts (2/2): Privacy as a Service
Actors in the diagram: User; Online Service Providers (OSP), including PPAA; Privacy Authority (PA), operated by a Privacy Service Provider; Privacy Regulator.
• The PA provides (free) user-side services and (paid) OSP-side services; OSPs consume the (paid) OSP-side services
• Trusted Privacy Protection Relationship (OSPs – Users – Privacy Regulators)
• User Privacy Policy (UPP) = User sensitivity profile + Explicit user input + Privacy laws + Best practices
• OSPs provide machine-readable privacy guarantees: on use of personal data; on handling of personal data
• Privacy Regulators input / update privacy regulations
• If the OSP's privacy guarantees match the UPP, access is granted
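The "guarantees match UPP, then access is granted" rule above can be made concrete with a small policy evaluator. The following is an added example and not OPERANDO project code: the guarantee fields (purposes, retention, sharing, encryption), the data category names and the thresholds standing in for "privacy laws" and "best practices" are all assumptions chosen for illustration, and the sample patient policy is constructed.

```python
# Added example, not OPERANDO project code: a minimal check of an OSP's
# machine-readable privacy guarantees against a User Privacy Policy (UPP).
# The guarantee fields, category names and thresholds are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Ordered sensitivity scale, following the levels in the deck's classification table.
SENSITIVITY = {"Low": 0, "Medium": 1, "High": 2, "Very high": 3, "Extreme": 4}


@dataclass
class OspGuarantee:
    """What an OSP promises, in machine-readable form, for one personal data category."""
    category: str
    purposes: Set[str]               # use: declared purposes of processing
    retention_days: int              # handling: how long the data is kept
    shared_with_third_parties: bool  # handling: onward disclosure
    encrypted_at_rest: bool          # handling: storage protection


@dataclass
class UserPrivacyPolicy:
    """UPP = user sensitivity profile + explicit user input + privacy laws + best practices."""
    sensitivity: Dict[str, str]             # profile: category -> level name
    allowed_purposes: Dict[str, Set[str]]   # explicit input: category -> consented purposes
    max_retention_days: int = 365           # assumed legal limit (stands in for privacy laws)
    no_sharing_at_or_above: str = "High"    # assumed best practice


def evaluate(upp: UserPrivacyPolicy, g: OspGuarantee) -> Tuple[bool, List[str]]:
    """Return (granted, reasons). Access is granted only when no rule is violated."""
    reasons: List[str] = []
    level = SENSITIVITY[upp.sensitivity.get(g.category, "Low")]
    allowed = upp.allowed_purposes.get(g.category, set())
    extra = g.purposes - allowed
    if extra:
        reasons.append(f"{g.category}: purposes not consented to: {sorted(extra)}")
    if g.retention_days > upp.max_retention_days:
        reasons.append(f"{g.category}: retention {g.retention_days}d exceeds "
                       f"{upp.max_retention_days}d")
    if g.shared_with_third_parties and level >= SENSITIVITY[upp.no_sharing_at_or_above]:
        reasons.append(f"{g.category}: third-party sharing not allowed at this sensitivity")
    if not g.encrypted_at_rest and level >= SENSITIVITY["High"]:
        reasons.append(f"{g.category}: unencrypted storage not allowed at this sensitivity")
    return (not reasons, reasons)


# Constructed sample: a patient's UPP and two OSP guarantees for medical data.
PATIENT_UPP = UserPrivacyPolicy(
    sensitivity={"medical": "Extreme", "social": "Medium"},
    allowed_purposes={"medical": {"treatment"}, "social": {"service", "advertising"}},
)
COMPLIANT_OSP = OspGuarantee("medical", {"treatment"}, 180, False, True)
NON_COMPLIANT_OSP = OspGuarantee("medical", {"treatment", "advertising"}, 730, True, True)

if __name__ == "__main__":
    for g in (COMPLIANT_OSP, NON_COMPLIANT_OSP):
        granted, reasons = evaluate(PATIENT_UPP, g)
        print("granted" if granted else "denied", reasons)
```

Every violated rule is reported rather than stopping at the first one, so the user-facing "privacy implications" view (see the PA Core slide) can list all of them; the same medium-sensitivity social-network data that the patient has consented to advertising for would pass where the medical data fails.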
Stakeholders (1/2): Who benefits from OPERANDO?
Online Service Providers (OSP), including PPAA:
• Gain the ability to cost-effectively comply with privacy regulations
• Profit legitimately, based on the user's consent, from the monetization of data
• Increase trust of users in PPAA online services
Privacy Authority and Privacy Service Providers:
• Enforcement of privacy in users' devices (stored data and sensor outputs of mobile devices)
Stakeholders (2/2): Who benefits from OPERANDO?
Users:
• Manage their online privacy issues with an intuitive Web GUI
• The UPP will be enforced by the PA in all the user's devices
• Partake in the monetization of their data
Privacy Regulators:
• Automated audit of OSPs' policies for compliance with regulations
Use Cases
• Next, only some examples where OPERANDO will be applied
• Focus on:
  • Business to Consumer (B2C)
  • Government to Consumer (G2C): Healthcare and Public Administration
Business to Consumer (B2C) (1/4)
Challenge: Obfuscation of privacy settings
• SIX pages of privacy options to set on Facebook
• The default settings are not privacy-friendly
• Same problem on Google and other major networks
OPERANDO solution: Unified privacy dashboard
• Web-based unified privacy settings dashboard
• Handles your accounts at all the major services
• Single-click “best practices” privacy lockdown
• Automated policy watchdog
(Mock-up: Privacy Dashboard)
Business to Consumer (B2C) (2/4)
Challenge: Access to social network data - users do not benefit
Business to Consumer (B2C) (3/4)
OPERANDO solution: Privacy-for-benefit deals
The user can choose to:
• Log in with SN account and get an economic benefit, or
• Log in with email/password
(Mock-up login screen: "Log in with username & password" or "Privacy-for-benefit deal" … "and get a 5 € coupon for your first purchase")
If no deal is offered, OPERANDO will display a privacy warning
Government to Consumer (G2C) (1/4): FoodCoach
Brief Description
The Food Coach platform helps prevent the development of chronic disease and its associated negative health outcomes by providing accurate and timely information to users, patients, and caregivers in support of healthy diets and behaviors.
The Food Coach platform serves different kinds of end-users:
• People interested in taking advantage of the dietary advice automatically provided by the Food Coach engine. This broad set of end-users contains "structured" users, e.g., families
• People affected by pathologies, e.g., diabetes or obesity. For such patients the Food Coach provides a common infrastructure where patients' doctors can monitor the health status of the patients and interact with them, tuning their diets.
Government to Consumer (G2C) (2/4): FoodCoach
What OPERANDO will provide FoodCoach with
• The integrated OPERANDO-based PSP will be used to maximize privacy control over the patient's private data.
• Doctors' access to the patients' data will be regulated by the PSP policies defined by the patients themselves.
• Caregivers constitute another category: they will be provided an account to consult the profile of the individual they help. The data the caregivers will be able to access will also be regulated by the policies enforced by the PSP.
Government to Consumer (G2C) (3/4): Vulnerable Adults
Brief Description
Help vulnerable adults lead an independent life in their own homes
• E.g. Telecare
• E.g. people with low-level mental health problems
Key problems are:
• Transfer of information about a service user is difficult and is not conducive to coordinated care for the victim
• Information about service users needs to be entered manually into each organisation's systems upon transfer
• Service users give information but have no visibility of how this is used, who can see it and where it is
• It is difficult to keep data held about service users compliant with regulations (when they change) and provide an audit trail for data use
Government to Consumer (G2C) (4/4): Vulnerable Adults
What OPERANDO will provide

Challenges | Benefits of OPERANDO
Lack of care coordination may lead to higher costs; lack of information sharing increases errors and delays | Easy to request information from service users, allowing sharing of information between organisations to support coordinated care
Data storage security and security breaches | Avoid inadvertent exposure of unsolicited information by using the PSP to store and provide data
Cost of remaining compliant with regulations | The PSP provides a privacy service which is updated regularly with new regulations
Assumed consent from service users for data use | Service users set privacy preferences to avoid assumed consent
Electronic data capture leads to inaccurate/unavailable data due to mismatching fields | Data stored is in a standard format, allowing information sharing across systems
Difficult to access analytical data about service users | Receive anonymized big data analytics
OPERANDO High Level Architecture
(Diagram: User – Core PA – Personal Data Repository)
OPERANDO PA Core: led by
• Gather anonymized data
• Aggregate and reduce data
• Process
• Scheduling
• Monitor whether OSPs have changed privacy policies or user privacy settings
• Compute a user privacy policy (UPP)
• Maintain a UPP
• Notify a change of UPP
• Evaluation of system behavior against privacy rules and policies
• Display privacy implications
• Removes personally identifiable information (PII) from user data, or masquerades identifying information (i.e. through encryption mechanisms; pseudonymization) in user data, prior to delivery to a requesting OSP
• Allows users to benefit economically from allowing OSPs to access their personal data
• Allows Privacy Service Providers to control and make business from the usage of the platform privacy services
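The PII-removal and pseudonymization step described above, the release filter the PA Core applies before data reaches a requesting OSP, can be demonstrated with a short keyed-pseudonym routine. This is an added example and not OPERANDO project code: the field names, the classification of fields into "drop" and "pseudonymize", the PA key and the sample record are constructed for illustration; the keyed HMAC is one standard way to masquerade identifiers and is not claimed to be the mechanism OPERANDO uses.

```python
# Added example, not OPERANDO project code: a minimal PA-side release filter that
# removes direct PII from a user record and replaces identifying fields with keyed
# pseudonyms before the record is delivered to a requesting OSP. The field names,
# the key and the sample record are constructed for this example.
import hashlib
import hmac
from typing import Any, Dict

DROP_FIELDS = {"name", "address", "phone"}   # direct PII: never leaves the PA
PSEUDONYMIZE_FIELDS = {"user_id", "email"}   # identifiers: replaced by pseudonyms
PA_SECRET = b"example-only-pa-secret"        # in practice held in the PA's key store


def pseudonym(value: Any, osp_id: str, key: bytes = PA_SECRET) -> str:
    """Keyed pseudonym (HMAC-SHA256) over (osp_id, value).

    Mixing in the OSP identifier gives each OSP a different pseudonym for the same
    user, so two OSPs cannot link their records by joining on it; without the PA's
    key the original identifier cannot be recovered from the pseudonym.
    """
    msg = osp_id.encode() + b"\x00" + str(value).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def release_to_osp(record: Dict[str, Any], osp_id: str) -> Dict[str, Any]:
    """Return the copy of `record` that may be delivered to `osp_id`."""
    released: Dict[str, Any] = {}
    for field, value in record.items():
        if field in DROP_FIELDS:
            continue                                    # remove PII outright
        if field in PSEUDONYMIZE_FIELDS:
            released[field] = pseudonym(value, osp_id)  # masquerade identifiers
        else:
            released[field] = value                     # non-identifying data passes through
    return released


# Constructed sample record as it might sit in the Personal Data Repository.
SAMPLE_RECORD = {
    "user_id": 4711,
    "name": "Example Person",
    "email": "person@example.org",
    "address": "1 Example Street",
    "phone": "+00 000 000 000",
    "diet": "low-sodium",
    "glucose_mg_dl": 98,
}

if __name__ == "__main__":
    for osp in ("foodcoach-osp", "telecare-osp"):
        print(osp, release_to_osp(SAMPLE_RECORD, osp))
```

Because the pseudonym is stable for a given (OSP, user) pair, an OSP such as the FoodCoach service can still correlate successive deliveries for the same patient, while the Telecare service receives an unrelated pseudonym for that person; only the PA, holding the key, can map either back to the real identifier.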
Future Work
• Implement all modules
• Proof of concept in OPERANDO Use Cases
• OPERANDO will be Open Source: check our website for software releases!
OPERANDO in Social Media
@OperandoH2020
www.operando.eu
https://www.facebook.com/OperandoH2020
http://www.slideshare.net/operandoh2020
Contact details
Leire Orue-Echevarria
IT Competitiveness, ICT - European Software Institute Division
TECNALIA
Parque Tecnológico de Bizkaia
c/ Gueldo, Edificio 700
E-48160 Derio - Bizkaia (Spain)
Tel: 902.760.000
Tel: +34 946 430 850 (International Calls)
[email protected]
Thank you!
https://cybercamp.es @CyberCampEs#CyberCamp15