Operando @ Cyber camp 2015

OPERANDO: Simplifying online Privacy
Leire Orue-Echevarria (TECNALIA)
Madrid, 29.11.2015
https://cybercamp.es

Page 1: Operando @ Cyber camp 2015

OPERANDO: Simplifying online Privacy

Leire Orue-Echevarria (TECNALIA)

Madrid, 29.11.2015

https://cybercamp.es

Page 2: Operando @ Cyber camp 2015

Agenda

• OPERANDO at a Glance
• Motivation
• Objective
• Concepts
• Stakeholders: Who will benefit from OPERANDO?
• OPERANDO Use Cases
• OPERANDO Architecture
• Next Steps

Page 3: Operando @ Cyber camp 2015

OPERANDO At a Glance

Project name: Online Privacy Enforcement, Rights Assurance and Optimization

Action type: Innovation Action

Duration: 36 months

Start date: 1 May 2015

Total budget / Total EC funding: 4 455 811.25 euros / 3 746 037 euros

Project Consortium: 9 partners (1 Third party)

Page 4: Operando @ Cyber camp 2015

OPERANDO Motivation: Current Situation

• Escalating loss of online privacy
• Consumer services: Facebook, Google, LinkedIn…
• Consumers are targeted and stripped of their privacy
• In most cases, consumers are defenseless
• Reality outpaces regulations and privacy laws

• Government/public services struggle with privacy protection
• Citizens’ mistrust/public outcry
• Inadvertent disclosures to other agencies
• Hacking attacks
• Stringent privacy laws compliance requirements

Page 5: Operando @ Cyber camp 2015

OPERANDO Motivation

Europe’s citizen privacy laws are world-leading

The evolving data protection and privacy frameworks are yet to be implemented in a transparent and friendly way

Users should be able to take part in the monetization of the economic value of their data

Users need to understand and control how their personal data are used

However, …

Page 6: Operando @ Cyber camp 2015

OPERANDO Objective

Specify, implement, field test, validate and exploit an innovative privacy enforcement framework that will enable the Privacy as a Service (PaS) business paradigm and create a broad market for online privacy services.

www.operando.eu

Page 7: Operando @ Cyber camp 2015

OPERANDO Concepts (1/2): Privacy classification

Personal data type   Sensitivity   Economic Value
Medical              Extreme       High
Financial            Very high     Extreme
Government           High          High
Social networks      Medium        Very high
Mobile device        Extreme       Very high
P2P Networks         Low           Low

• Privacy classification based on two attributes: Sensitivity and Economic Value

Page 8: Operando @ Cyber camp 2015

OPERANDO Concepts (2/2): Privacy as a Service

[Diagram] Actors: Online Service Providers (OSP)*, User, Privacy Regulator, Privacy Authority (PA)(*)

* Including PPAA
(*) operated by Privacy Service Provider

Diagram labels:
• Provides (free) user-side services
• Provides (paid) OSP-side services
• Consume (paid) OSP-side services
• Provide Privacy Guarantees: on use of personal data; on handling of personal data
• Machine readable privacy guarantees of OSP
• Input / update privacy regulations
• If Privacy guarantees match UPP, access is granted
• Trusted Privacy Protection Relationship (OSP – Users – Privacy Regulators)

User Privacy Policy = User sensitivity profile + Explicit user input + Privacy laws + Best practices
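An added illustration (not OPERANDO project code) of the matching rule on this slide: a UPP is composed from the four inputs named in the formula, and an OSP's machine-readable guarantees on use and handling are checked against it before access is granted. The field names, purpose labels, sample values and the "most restrictive layer wins" merge rule are assumptions made for this sketch.

```python
# Added illustration, not OPERANDO code. Field names, purposes, values and the
# "most restrictive layer wins" merge rule are assumptions for this sketch.

# Each layer maps a data type to permitted purposes and a maximum retention.
# A layer that is silent on a data type adds no constraint for it.
PRIVACY_LAWS = {"medical": {"purposes": {"treatment", "research"}, "max_days": 3650},
                "social": {"purposes": {"service", "ads", "analytics"}, "max_days": 730}}
BEST_PRACTICES = {"medical": {"purposes": {"treatment", "research"}, "max_days": 365}}
SENSITIVITY_PROFILE = {"social": {"purposes": {"service", "analytics"}, "max_days": 365}}
EXPLICIT_USER_INPUT = {"medical": {"purposes": {"treatment"}, "max_days": 365}}


def compute_upp(*layers):
    """Intersect permitted purposes and keep the shortest retention per data type."""
    upp = {}
    for layer in layers:
        for dtype, rule in layer.items():
            if dtype not in upp:
                upp[dtype] = {"purposes": set(rule["purposes"]), "max_days": rule["max_days"]}
            else:
                upp[dtype]["purposes"] &= rule["purposes"]
                upp[dtype]["max_days"] = min(upp[dtype]["max_days"], rule["max_days"])
    return upp


def check_guarantees(upp, guarantees):
    """Return (granted, violations) for an OSP's declared use and handling."""
    violations = []
    for dtype, g in guarantees.items():
        rule = upp.get(dtype)
        if rule is None:  # default deny: data type not covered by the UPP
            violations.append(f"{dtype}: not covered by UPP")
            continue
        extra = set(g["purposes"]) - rule["purposes"]
        if extra:
            violations.append(f"{dtype}: purposes not allowed: {sorted(extra)}")
        if g["retention_days"] > rule["max_days"]:
            violations.append(f"{dtype}: retention {g['retention_days']}d > {rule['max_days']}d")
        if not g.get("encrypted_at_rest", False):
            violations.append(f"{dtype}: no encryption-at-rest guarantee")
    return (not violations, violations)


UPP = compute_upp(PRIVACY_LAWS, BEST_PRACTICES, SENSITIVITY_PROFILE, EXPLICIT_USER_INPUT)
# Constructed OSP declarations: use = purposes, handling = retention and encryption.
CLINIC = {"medical": {"purposes": ["treatment"], "retention_days": 180, "encrypted_at_rest": True}}
AD_NETWORK = {"social": {"purposes": ["service", "ads"], "retention_days": 400, "encrypted_at_rest": True},
              "location": {"purposes": ["ads"], "retention_days": 30, "encrypted_at_rest": True}}
```

The violation list doubles as an audit record: it states which guarantee failed against which part of the UPP, which is what a user-facing privacy warning or a regulator's compliance check would need.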

Page 9: Operando @ Cyber camp 2015

Stakeholders (1/2): Who benefits from OPERANDO?

Online Service Providers (OSP)* Including PPAA

Privacy Authority and Privacy Service Providers

• Gain the ability to cost-effectively comply with privacy regulations

• Profit legitimately, based on the user’s consent, from the monetization of data

• Increase trust of users in PPAA online services

• Enforcement of privacy in users’ devices (stored data and sensor outputs of mobile devices)

Page 10: Operando @ Cyber camp 2015

Stakeholders (2/2): Who benefits from OPERANDO?

Users

• Manage their online privacy issues with an intuitive Web GUI
• The UPP will be enforced by the PA in all of the user’s devices
• Partake in the monetization of their data

Privacy Regulators

• Automated audit of OSP’s policies for compliance with regulations

Page 11: Operando @ Cyber camp 2015

Use Cases

• Next, only some examples where OPERANDO will be applied
• Focus on
• Business to Consumer (B2C)
• Government to Consumer (G2C): Healthcare and Public Administration

Page 12: Operando @ Cyber camp 2015

Business to Consumer (B2C) (1/4)

Challenge: Obfuscation of privacy settings

• SIX pages of privacy options to set on Facebook

• The default settings are not privacy-friendly

• Same problem on Google and other major networks

Page 13: Operando @ Cyber camp 2015

OPERANDO solution: Unified privacy dashboard

• Web-based unified privacy settings dashboard

• Handles your accounts at all the major services

• Single-click “best practices” privacy lockdown

• Automated policy watchdog

[Figure: Privacy Dashboard mock-up]

Business to Consumer (B2C) (2/4)

Page 14: Operando @ Cyber camp 2015

Challenge: Access to social network data - users do not benefit

Business to Consumer (B2C) (3/4)

Page 15: Operando @ Cyber camp 2015

OPERANDO solution: Privacy-for-benefit deals

Business to Consumer (B2C) (3/4)

The user can choose to:
• Log in with SN account and get an economic benefit, or
• Log in with email/password

[Login mock-up labels: “Log in with username & password”; “and get a 5 € coupon for your first purchase”; “or”; “Privacy-for-benefit deal”]

If no deal is offered, OPERANDO will display a privacy warning

Page 16: Operando @ Cyber camp 2015

Brief Description

Government to Consumer (G2C) (1/4): FoodCoach

The Food Coach platform helps prevent development of chronic disease and its associated negative health outcomes by providing accurate and timely information to users, patients, and caregivers for supporting healthy diets and behaviors.

The Food Coach platform allows different kinds of end-users:

• People interested in taking advantage of the dietary advice automatically provided by the Food Coach engine. This broad set of end-users contains “structured” users, e.g., families.

• People affected by pathologies, e.g., diabetes or obesity. For such patients the Food Coach provides a common infrastructure where patients’ doctors can monitor the health status of the patients and interact with them, tuning their diets.

Page 17: Operando @ Cyber camp 2015

What OPERANDO will provide FoodCoach with

Government to Consumer (G2C) (2/4): FoodCoach

• The integrated OPERANDO-based PSP will be used to maximize privacy control over the patient’s private data.

• Doctors’ access to the patients’ data will be regulated by the PSP policies defined by the patients themselves.

• Caregivers constitute another category: they will be provided an account to consult the profile of the individual they help. The data the caregivers will be able to access will also be regulated by the policies enforced by the PSP.

Page 18: Operando @ Cyber camp 2015

Brief Description

Government to Consumer (G2C) (3/4): Vulnerable Adults

Help vulnerable adults lead an independent life in their own homes
• E.g. Telecare
• E.g. people with low level mental health problems

Key problems are:
• Transfer of information about a service user is difficult and is not conducive to coordinated care for the victim
• Information about service users needs to be entered manually into each organisation’s systems upon transfer
• Service users give information but have no visibility of how this is used, who can see it and where it is
• It is difficult to keep data held about service users compliant with regulations (when they change) and provide an audit trail for data use

Page 19: Operando @ Cyber camp 2015

What OPERANDO will provide with

Government to Consumer (G2C) (4/4): Vulnerable Adults

Challenges and Benefits of OPERANDO

• Challenge: Lack of care coordination may lead to higher costs. Lack of information sharing increases errors and delays
  Benefit: Easy to request information from service users, allowing sharing of information between organisations to support coordinated care

• Challenge: Data storage security and security breaches
  Benefit: Avoid inadvertent exposure of unsolicited information by using PSP to store and provide data

• Challenge: Cost in remaining compliant to regulations
  Benefit: PSP provides privacy service, which is updated regularly with new regulations

• Challenge: Assumed consent from service users for data use
  Benefit: Service users set privacy preferences to avoid assumed consent

• Challenge: Electronic data capture leads to inaccurate/unavailable data due to mismatching fields
  Benefit: Data stored is in a standard format, allowing information sharing across systems

• Challenge: Difficult to access analytical data about service users
  Benefit: Receive anonymized big data analytics

Page 20: Operando @ Cyber camp 2015

OPERANDO High Level Architecture

[Architecture diagram; labels: Personal Data Repository, Core PA, User]

Page 21: Operando @ Cyber camp 2015

OPERANDO PA Core: led by

• Gather anonymized data
• Aggregate and reduce data
• Process Scheduling
• Monitor whether OSPs have changed privacy policies or user privacy settings
• Compute a user privacy policy (UPP)
• Maintain a UPP
• Notify a change of UPP
• Evaluation of System behavior against privacy rules and policies
• Display privacy implications
• Removes personally identifiable information (PII) from user data, or masks identifying information (i.e. through encryption mechanisms; pseudo-anonymization), prior to delivery to a requesting OSP
• Allows users to benefit economically from allowing OSPs to access their personal data
• Allows Privacy Service Providers to control and make business from the usage of the platform privacy services

Page 22: Operando @ Cyber camp 2015

Future Work

• Implement all modules
• Proof of concept in OPERANDO Use Cases
• OPERANDO will be Open Source: Check our website for software releases!

Page 23: Operando @ Cyber camp 2015

OPERANDO in Social Media

@OperandoH2020

www.operando.eu

https://www.facebook.com/OperandoH2020

http://www.slideshare.net/operandoh2020

Page 24: Operando @ Cyber camp 2015

Contact details

Leire Orue-Echevarria
IT Competitiveness ICT - European Software Institute Division TECNALIA
Parque Tecnológico de Bizkaia
c/ Gueldo Edificio 700
E-48160 Derio - Bizkaia (Spain)
Tel: 902.760.000
Tel: +34 946 430 850 (International Calls)
[email protected]

Page 25: Operando @ Cyber camp 2015

Thank you!

Page 26: Operando @ Cyber camp 2015

https://cybercamp.es @CyberCampEs #CyberCamp15