PRISE - privacy & security
Overview

The research activities of PRISE are logically structured in three phases and nine work packages:

Phase 1
consisting of three work packages, builds up a knowledge base with regards to

  • security technologies (WP2 – Identifying relevant security technologies and measures),
  • privacy impacts and design options (WP3 – Mapping of privacy impacts and options for privacy enhancing shaping),
  • possible futures – or scenarios – that need to be addressed now in order to act proactively (WP4 – Development of implementation scenarios).

This knowledge base feeds directly into the next phase.

Phase 2
WP5 - Participatory Technology Assessment of scenarios, applies reliable and well-tested participatory techniques in order to gain insight into the public reactions to possible future privacy issues. Citizens are consulted through a combined quantitative and qualitative query technique (the Interview Meeting), after receiving input from experts that makes them familiar with the issues addressed. The consultation of citizens builds upon the knowledge base of phase 1, and feeds directly into the interactive, conclusive phase 3.

Phase 3
consisting of WP6 – Criteria for privacy enhancing security technologies and WP7 – Dissemination and implementation, concludes the supporting action by developing criteria for privacy enhancing security technologies based on the results of the previous work packages. These criteria are further enhanced and checked for acceptance and applicability in a constructive dialogue with the main stakeholders and relevant target groups.
The remaining three work packages, WP1 – Methodology, WP8 – Assessment and evaluation and WP9 – Management, are ongoing supporting activities during the whole duration of PRISE.

Description of individual work packages

WP1 – Methodology
This work package will provide the methodology and the design of the whole supporting action. Feedback from other work packages will be used to improve methodology and design if required.
Specific method manuals and training manuals will be produced for the Development of Implementation Scenarios (WP4) and for the Participatory Technology Assessment (WP5). A training course will be conducted for the partners and sub-contractors involved in the national participatory processes of WP5.

WP2 – Identifying relevant security technologies and measures
This work package provides primarily input to WP3, but will also be relevant for other work packages. It combines desktop research and input from an expert group. WP2 will involve a thorough study of the different technologies relevant, both today and in the foreseeable future. These technologies will be mapped and described thoroughly to constitute a good foundation for the work with identifying privacy issues related to the technologies and providing suggestions as to how the technologies can be used in a way that provide better privacy.

WP3 – Mapping of privacy impacts and options for privacy enhancing shaping
WP3 will be based on the results of the technology selection taking place in WP2. The selected technologies will be embedded in existing or typical application scenarios for the respective technology.
Legal non-compliance or collisions of technology use with data protection principles in the typical or existing scenarios will be identified and analysed regarding its general importance as a problem of a certain technology use or a problem bound to the implementation of the technology in certain scenarios.
According to the problems identified and their classification into technical, organisational, procedural and legal measures, facilitating a privacy compliant or even privacy enhancing use of the technologies and possibilities of a legally compliant technology use in the chosen scenarios will be discussed. As a result of the discussion a proposal for an accompanying legal, technical or organisational framework for the respective technologies will be elaborated.

WP4 – Development of implementation scenarios
The creation of scenarios will be based partly on the input from WP2 and WP3. In addition, a reference group consisting of experts on different fields related to this issue will be formed. The work will be carried out in a series of workshops with external experts. Finally, the scenarios will be tested and developed further in a larger workshop, where more national and European experts will be invited to participate, taking into account a larger number of representatives of relevant European environments.
WP4 will provide a major input to the participatory activity in WP5. This work package will also provide input for WP6 and WP7.

WP5 – Participatory Technology Assessment
WP5 will draw upon the knowledge base established in the previous work packages. A questionnaire and interview guide will be established, which reflects the conflicts or normatively sensible issues in the scenarios of WP4.
Six Interview Meetings, each involving a sample of 25-35 citizens, carried out in 5 European member nations and in Norway, will establish a combined quantitative and qualitative insight into public perceptions. The interview meetings will be carried out by the partners ITA, DBT, ULD and NBT in Austria, Denmark, Germany and Norway and by sub-contractors in the 5th and 6th country, whereas the intention is to select one out of the new Eastern European Member States and one out of the old South European Member States as 5th and 6th country, so that also the perceptions and preferences of citizens residing in countries which suffered from periods of non-democratic governments during the second half of the last century will be reflected in the interview meetings.
The WP will conclude with a work paper, in which the findings from the WP are described, and implications for the criteria (WP6) are laid out. The work paper will be presented and discussed at a supporting action management committee meeting, and a work meeting between the leaders of WP5 and WP6 will be held.

WP6 – Criteria for privacy enhancing security technologies
The development of criteria for privacy enhancing security technologies involves several steps of review and testing for acceptance by citizens and stakeholders.
In a first step the technical, organisational, procedural and legal measures resulting from WP3 will be analysed for common principles. In a second step the public perception of these measures, respectively of their integration into scenarios, resulting from the participatory Technology Assessment in WP5 will be interpreted and incorporated into the common principles for a privacy friendly use of technology and implementation of security measures.
In a next step the principles for best practice in privacy friendly use of the selected technologies, including recommendations to exclude certain technologies and applications, will be transformed into sets of operational criteria for different users. Particular emphasis will be put on sets of criteria that could directly be incorporated into the process of call definition and proposal evaluation for the 7th Framework Programme.
In a fourth and last step the draft sets of criteria will be discussed with user representatives and stakeholders in order to develop final sets of criteria that offer practical assistance to the different stakeholders involved in the development and implementation of security technologies.

WP7 – Dissemination and implementation
The dissemination WP will ensure the diffusion of information about the project, its results, and will also ensure feedback from a broader set of actors.
A core element of this work package will - apart from Internet dissemination and presentations at conferences - be the conduction of policy workshops and a final conference.
Two policy workshops will be organized in which mid-term results will be discussed with policy-makers. The first workshop will discuss the knowledge base and the questions which are to be posed to the citizens in WP5. The second workshop will discuss the outcomes of WP4 and WP5 as well as the draft results from WP6. The aim of the workshops is primarily to “communicate through interaction” the outcomes of the supporting action, and secondarily to receive input from the participants. For an effective communication during the workshops a number of 20 to 25 participants is envisaged. It will be an important aspect that different interests and roles in security technologies are represented in a balanced manner, so that suppliers of security technologies, law enforcement, policy shaping, implementers, users, suppliers of data, data protection authorities, NGOs representing human rights concerns can interact efficiently.
Further important networks for awareness building for this supporting activity are EPTA (European Parliamentary Technology Assessment network) in which three partners are active, and ForSociety ERA-net (ERA-net on national foresight programmes) in which one partner is active.
Final dissemination and discourse about the implementation of criteria for research activities would be imperative for the implementation of these criteria. Therefore, WP 7 ends by a conference at EU level, in which the background for criteria is presented, the concrete set of criteria is discussed, and a consensus on implementation measures will be sought for.

WP8 – Assessment and evaluation
An important task of this work package is the development of an evaluation plan and evaluation criteria in order to assess the effectiveness of involvement of (public) users and stakeholders. Another core activity will be the establishment of an advisory panel. The evaluation of major results by this panel will complement the supporting action team's own internal review and quality control. This work package will also, in close cooperation with WP7, develop the plan for using the knowledge generated by PRISE.

WP9 – Management
The purpose of WP9 is to administrate and manage the supporting action on behalf of all its participants and the Commission.