From their News section, it seems they are on tour to tell the world about the project.
I grabbed a presentation PDF from Infocom World 2016 Greece (don’t have the link right now). It contains a lot that is hard to interpret without the speaker, as is often the case. Not their fault, just the nature of things, having just the slides.
Enabling Crowd-sourcing based privacy protection for smartphone applications, websites and Internet of Things (IoT) deployments.
Their main Privacy Flag platform lists CROWD both as End-users and as Evaluators.
Universal Privacy Risk Area Assessment Methodology
- Universal & Generic
- Reliable & Effective
- Democratizing Privacy Legal & Technical Requirements
That would be no small feat.
- Develop a highly scalable privacy monitoring and protection solution based on:
- Crowd sourcing mechanisms to identify, monitor and assess privacy-related risks.
- Privacy monitoring agents distributed on users’ smart phones and web browsers, to identify privacy threatening activities and applications.
- Universal Privacy Risk Area Assessment Tool and methodology tailored on European and international legal norms on personal data protection and data ownership;
- Personal Data Valuation mechanism for citizens;
Privacy enablers for citizens to retain control over their privacy with optimized anonymisation techniques against traffic monitoring and finger printing; [emphasis mine]
- User friendly interface informing the users and raising citizen awareness on their privacy risks when using a smart phone application or visiting a website
How technically feasible is that?
Main Components _(1)
Privacy monitoring agent: software to be deployed on users’ devices for monitoring and detecting suspicious application or website behaviour.
- It will perform a local check on sensitive functions and data transmissions in order to inform the end-user on identified risks and level of risk.
- It will inform the user about any identified risk and may share information on suspicious applications or websites with the common knowledge database.
- Any information transfer will be full anonymized and will exclude and filter out any personal data.
Privacy enablers ensuring that the user of the platform cannot be identified -or tracked- when connecting to the platform or to other web services.
- Inter-alia, it will ensure that transmitted data can be fully secured and anonymized, addressing among others IP and MAC tracking (through translation and proxy mechanisms), as well as unwanted GPS location transmission.
Privacy Risk Alert tool enabling any user to launch an alert on any suspicious application, website or unusual deployment of IoT devices [emph. mine] in a smart city that could constitute a risk on privacy.
- The list of alert will be made available to the crowd for risk evaluation process by volunteers and/or experts. This alert tool will enable to rank and prioritize the applications according to the users priority concerns.
Sounds good, if difficult to achieve.
Setting up a dedicated legal entity to promote privacy
In principle, Privacy Flag will use a dual business model:
Free evaluation tool for the crowd: No sales revenue stream are planned on the tools developed by the project in order to enable a large adoption and to make the service freely available to the public.
Paying services for interested companies: Privacy Flag will propose paying services for in depth privacy risk audits, recommendations and potential labelling for interested companies.
Competition, differentiation and competitive advantages
We plan to generate most revenues from services and consulting, with potential complementary incomes from selective advertisements. [emph. mine]
Privacy Flag has a huge potential to be downloaded by end-users.