The event commenced with opening and keynote talks by the European Research Executive Agency (REA) and European Union Agency for Cybersecurity (ENISA). Following this, the final lessons learned from the two pilots were demonstrated and discussed. The first pilot took place in Tallinn, where the Av shuttle operated within the TalTech campus area. The experience and insights gained during this initial pilot were then applied and reinforced in the second CitySCAPE Pilot Demonstration in Genova, Italy. The primary objective of the Genoa pilot was to validate all the CitySCAPE tools developed throughout the project, specifically focusing on information dissemination to passengers and digital ticketing in various predefined scenarios.

Finally, Dr. Alexander Vasylchenko, the TRAPEZE project coordinator, presented the current achievements of the TRAPEZE project. In a roundtable discussion involving HEIR and SENTINEL, other invited EU-funded projects, allowed CitySCAPE and TRAPEZE project coordinators to share their valuable insights on the importance of exploiting research results effectively.

For more information about the TRAPEZE project and the collaboration projects, see: /demos-collaborations/.

The webinar was divided into two parts:

Part 1: Use Cases by Caixa Bank and Deutsche Telekom – During this session, representatives from Caixa Bank and Deutsche Telekom shared their real-world experiences and demonstrated how the TRAPEZE project has positively impacted their organizations. These sessions provided valuable insights into the practical implementation of privacy, transparency, sovereignty, and security principles within the banking and telecommunications sectors.

Part 2: Privacy Preserving Technologies. The second part of the webinar delved into the innovative privacy-preserving technologies that have been developed as part of the TRAPEZE project. TRAPEZE experts provided a comprehensive overview of these advanced solutions, showcasing their potential to transform data handling practices across various industries while ensuring individual privacy remains intact. More than ten experts in the relevant above-mentioned fields attended the webinar.

A collaborative workshop on privacy, transparency, sovereignty, and security was held on 27-28 April 2023 at the Inria Mediterranean Campus in Sophia Antipolis. The workshop was co-organized by the European projects TRAPEZE and E-CORRIDOR, and co-sponsored by Inria and ERCIM – the European Research Consortium for Informatics and Mathematics. The two-day workshop aimed to explore new ideas, share insights and collaborate on solutions that can benefit society in the fields of privacy, cybersecurity, and technology. This report presents a brief overview of the presentations and discussions held during the workshop.

Workshop participants. Photo: P. Kunz

The first day of the workshop was dedicated to research and technology. Alexander Vasylchenko from TenForce started the presentations by discussing how TRAPEZE services can enable digital privacy, security, and identity. This was followed by Fabio Martinelli’s presentation on the E-CORRIDOR approach for confidential analytics. The next presentation was by Sabrina Kirrane from the Vienna University of Economics and Business, who discussed blockchain-based resource governance for decentralized web environments. Jean-Paul Bultel from the French Alternative Energies and Atomic Energy Commission-CEA presented homomorphic encryption-based similarity matching for privacy-preserving interest-based data sharing.

Ilaria Matteucci from the Italian National Research Council discussed privacy issues and the automotive sector. Simone Fischer-Hübner from Karlstad University presented a talk on usable transparency and consent, which was delivered by videoconferencing. Roland Rieke from Fraunhofer-Gesellschaft presented machine-learning methods for in-vehicle intrusion detection, with access restricted to the presentation. João P. Vilela from INESC TEC, CISUC & University of Porto talked about the prediction of user privacy preferences in mobile devices via federated learning. The last presentation of the day was by Francesco di Cerbo and Volkmar Lotz from SAP, who jointly presented on privacy research topics at SAP. The day ended with lively discussions during a wine and cheese reception.

The second day of the workshop focused on two main areas: privacy policy and regulations and the innovative utilization of privacy technologies across different sectors. The day started with a two-hour session that brought together research and Data Protection Authorities (DPAs) as well as experts from the data protection community to foster synergies and collaboration. The discussion explored the role of DPAs in promoting data protection and privacy across different sectors and jurisdictions. The session also discussed selected privacy-enhancing results of the TRAPEZE project, such as consent management through a citizen-centric privacy dashboard, policy language, and the concept of sticky consent policies.

After the DPA session, presentations were given on the challenges of trust and sovereignty awareness in global transactions, privacy and legal issues in big data, privacy-preserving passenger processing, data usage control, and protecting data and privacy in the public transport sector.

Martin Kurze (Deutsche Telekom), Ramon Martín de Pozuelo (CaixaBank), and Lauro Vanderborght (Digital Flanders) gave an overview of the TRAPEZE use cases & their impact on society. Theo Dimitrakos from Huawei and University of Kent) gave a presentation titled “Challenges of trust and sovereignty awareness for global transactions in an increasingly fragmented polarized world” via video conferencing. Rigo Wenning (ERCIM/W3C) talked about “Privacy and legal issues in Big Data.” Stefano Sebastio, from Collins Aerospace presented privacy-preserving passenger processing and operations solutions for multi-modal travels, followed by Paolo Mori (Italian National Research Council) who introduced a Data usage control procedure via video conferencing. Fabio Podda (Azienda Mobilità e Trasporti Genova) and Liivar Luts (Tallinna Transpordiamet) jointly talked about how protecting data and privacy in public transport sector in the frame of the CitySCAPE project.

Alexander Vasylchenko and Fabio Martinelli, the coordinators of the TRAPEZE and E-CORRIDOR projects respectively, concluded the workshop summarising the topics and challenges presented and questions moving forward.

More than 60 participants attended the workshop, half of them online.

See also the workshop programme with links to some presentations

Bored of reading? Try out the TRAPEZE privacy dashboard hands-on at https://dashboard.trapeze-project.eu.

1. Use very (!) little text
   This is the most important insight. Previously, we provided detailed instructions on how to use the dashboard, much like you would encounter in the manual of a newly purchased cooking device or television. Our user tests showed that detailed instructions (even through video or an interactive tour on the website) were not unanimously well-received. Bottom line: Users wanted to ‘start clicking’. They wanted to be onboarded while interacting with the dashboard. We shrunk all texts on the dashboard and, where possible, only used headlines without any accompanying text to indicate what could be, and was expected to be, done on the dashboard.
2. Make clear what to do
   Most users did not know that withdrawing consent forces controllers to delete all their data and cease all processing. Withdrawing consent is thus more rigorous than requesting the deletion of your data. For the design of interfaces, users should understand that there is one action that enables and one action that disables the processing of their data. Users, however, do not come to the dashboard to ‘withdraw consent with the controllers to whom I have previously given consent’. They come to the dashboard to ‘stop the processing of their data’. As withdrawing consent is the most rigorous action that users can take to stop processing their data, the dashboard thus communicates ‘giving’ and ‘withdrawing’ consent as the two main actions to perform.1) We separated these two main actions from side actions that allowed users to explore, delete, or rectify their data. Not every user is a data scientist! We also removed somewhat gimmicky features that distracted users from these two main actions. We thus streamlined the consent-giving and withdrawing workflows that users should, and hopefully will, pursue on the dashboard.
3. Consent is something that links a data category to a purpose
   The new user interface design emphasises the giving and withdrawing of consent. But what should a consent-giving and withdrawing user interface look like? From a legal point of view, consent is pretty complex. For instance, consent-giving must include information on the circumstances under which consent is given. Is consent given by clicking a button? Is consent given by a child? Is consent informed? Is consent given through a ‘clear affirmative action’? These are primarily legal aspects. User and usability aspects are of a different nature. Our user tests indicate that users understand that consent is ‘something that links a data category to a purpose’. We were happy to learn that we found something that most users could quickly pick up through the design of our user interface. While there is much more to consent than merely a purpose and data category, users are already able to give and withdraw consent on the dashboard when prompted with this minimum amount of information. Additional information is available on the dashboard, yet only presented when a user drills down the interface by clicking on ‘see more’ elements. After all, not every user is interested in additional information and is sometimes even overwhelmed by it.

To put it in a nutshell, the TRAPEZE privacy dashboard provides a user interface that allows users to give and withdraw their consent. While many legal and technical aspects foresee that users need to have access to detailed information on what, how, where, and why their data are to be processed when they give and withdraw consent, our user tests indicate that too much information is counterproductive. Reducing the amount of information users face when asked to give or withdraw consent on the dashboard eases onboarding and users are not overwhelmed with information. In other words, the difficulty of designing user interfaces for consent management comes down to a prioritisation of what information should be presented first and what information should be presented later.2) Our findings indicate that users should first be given the purpose and the data that are to be processed before any other information.

Any comments, questions, or feedback? Feel free to contact us.

1) Note that consent is not the only legal basis on which controllers process personal data. If you buy a product online, the online shop does not need your consent. Fulfilment of the purchase contract requires the processing of your address for delivery. Here, users may limit the processing of their address by not purchasing a product or altering the purchase contract by, for instance, using an alias delivery address or picking up the product at a brick-and-mortar store (click-and-collect).
2) This design principle is often called ‘layered interface’.

Contact:
Philip Raschke, philip.raschke@tu-berlin.de
Tobias Eichinger, tobias.eichinger@tu-berlin.de

Related information:
Dynamic consent mechanisms – Second version (D4.5) 30 APR 2023
This deliverable focuses on consent management on the privacy dashboard. A prototype version of the privacy dashboard was used in the first usability test.

Privacy dashboards – Second version (D4.7) 30 JUN 2023
This deliverable reports on the TRAPEZE privacy dashboard, a web application that establishes both transparency and control. Transparency features include data exploration that allows users to display the data usage and potential risks associated with processing. Control features include consent management and incident reporting to limit data usage. The privacy dashboard is generally considered a personal data processing limitation dashboard.

Pilot 1 – Informatie Vlaanderen (AIV): “My Citizen Profile”

To demonstrate all the capabilities of the TRAPEZE outcomes in a realistic business context, three different use cases were defined and are being implemented, led by Informatie Vlaanderen (Belgium), Deutsche Telekom (Germany), and CaixaBank (Spain).

In recent years, there has been a growing emphasis on citizen-centricity and secure data sharing as important aspects of digital transformation. Digital Flanders is a government agency from the Flemish Government that recognizes this and is working on a new infrastructure to address these needs. Their aim is to create a secure and standardized way for citizens to reuse government data, with a focus on providing an excellent user experience.

To achieve their goal, Digital Flanders is leveraging Solid, a technology that was invented by Tim Berners-Lee, the creator of the World Wide Web, and researchers from UGent. Solid technology provides a platform that enables users to control their own data and choose how and with whom they share it, while ensuring the data remains secure and private. One of the main advantages of Solid is that it allows multiple organizations to make use of the same data, being stored in decentralized stores called Pods.

Digital Flanders is building on this technology to create a state-of-the-art data-sharing infrastructure. They are also leveraging existing developments from their popular MyCitizensProfile platform, which enables citizens to access their own data and manage their interactions with government services.

One of the first use cases for Digital Flanders’ new infrastructure will be with Randstad, a large HR group. Randstad will use diploma data from Digital Flanders during their application process. Thanks to Solid, Randstad only needs to offer a visual interface where the user can authenticate and consent to Randstad accessing the diploma data from the Solid Pod of the applicant. The project is expected to go live in Q2 of 2023. This collaboration will provide a practical demonstration of the capabilities of Digital Flanders’ new infrastructure.

Digital Flanders is also part of the TRAPEZE consortium, which has a goal of investigating and setting up a privacy platform that allows citizens to assess which third parties have consent to use their data and audit how their data has been used. This platform will build on the foundations of the Solid technology and aims to take consent management to the next level.

To achieve this, Digital Flanders plans to use the blueprint of the Solid project with Randstad to assess whether TRAPEZE can offer more advanced consent management features, and whether it can be integrated within their existing infrastructure. This will allow them to offer even greater control and security to citizens when it comes to their personal data.

Pilot 2 – Deutsche Telekom (DT): Tools & Applications for “Data sharing via APIs”

DT’s main concern is to make language and privacy policies defined in the TRAPEZE language as well as tools available for legal and commercially useful exchange/sharing of telco-specific personal data. These tools can then also be marketed by T-Systems (DT’s subsidiary for IT service provisioning) in the “Data Intelligence Hub (DIH)”. Both contexts require an automated, GDPR-compliant mechanism for formulating, applying, and managing rules for data sharing. These are formulated in privacy policies.

DT is actively contributing to the CAMARA Telco Global API Alliance. In this context, APIs for sharing data – including personal data – are provided for 3rd parties to make use of functions, features and data provided by telco carriers. For Telcos, this is a unique opportunity to finally monetize some of the data they host. DT pays a lot of attention to not harming its’ excellent reputation in terms of privacy and security. Thus, customer consent is collected in advance, and agreed privacy policies are used as a means of consent management.

TRAPEZE language (based on W3C dpv CG) is used to define, share, manage and enforce consent (or rather “agreed privacy policies”). DT integrated TRAPEZE language, tools, and concepts in its’ “Magenta Hyper Consent (MHC)” product. This product is targeted toward product owners and (in the CAMARA context) API monetization. Thus, there is no dedicated “TRAPEZE” user interface used, but rather DT/product-specific user interfaces are utilized to collect consent and to allow users to manage their privacy preferences.

While the MHC Core deals with policy- and consent management (independently of actual data), the MHC Gatekeeper uses the policies to filter 3rd party data requests. Figure 1 shows the overall architecture from a technical point of view.

Since MHC aims at B2B business and product managers, not directly at end customers, all components are built in a way to allow easy integration in new (and existing) products and services. It enables the DIH and other DT Business units to safely deal with personal data in the context of GDPR and other regulations.

A first application was trialed with DT’s approach for consent management, the “group consent clause” which allows customers (i.e. citizens) to grant, revoke and manage their consent for data using and sharing. A key requirement is the open exchange format of privacy policies as it was developed in TRAPEZE and its predecessors.

Pilot 3 – CaixaBank (CXB): “Customers’ Digital ID wallet”

CXB wants to develop a “Customer ID Wallet” that allows the bank direct and transparent communication with clients about the usage of their data. It will be designed to enforce GDPR compliance and increase the data privacy security awareness of their clients as well as incorporate the bank’s business requirements. There is not yet a common platform that gives security privacy control and transparency to clients/citizens and establishes trust among sector stakeholders. In terms of possible technical solutions to that challenge, CXB wants to explore the great potential of the TRAPEZE platform and its building blocks for establishing it.

Moreover, the recent release of the European Commission about the development of a European Digital Identity framework has just strengthened the innovation perspective of the bank towards the need for trusted solutions and frameworks for self-managing the identity and data of each individual. That should help to streamline the secure onboarding process to new digital financial services but also to improve the overall security awareness and data privacy consciousness in society, and in the end reduce the amount of successful social engineering attacks and impersonations.

In that line, the Customers’ ID Wallet pilot aims at developing an identity wallet that can work as a technical reference or complement the future EU Digital wallet, considering the digital identity verification means provided by the EU and Member States (when available) or any other trusted entity that works as an identity provider.

One of the main use cases that can be supported by this pilot is to facilitate the secure exchange of Know Your Customer (KYC) information between entities, a set of information from their clients that banks need to collect and keep updated. That is required by Anti-Money Laundering (AML) regulation and is mandatory by any financial institution. However, to properly collect, update and attest to the truthfulness of that information from all of its clients is a heavy time-consuming task for the banks but also for the citizens that want to acquire their services. Currently, every time a citizen needs to open an account with a new bank, he or she needs to provide the required personal and financial information.

What would happen if we could collect and validate KYC information only once?

That would simplify the process for banks and citizens, and that is the main objective of the “Customers’ Digital ID wallet” pilot, allowing citizens to provide that information once to one financial institution. This information will be validated by the entity as usual. However, Digital ID Wallet will keep track of that already attested information and provide means to share that information when it wants to have a financial service with another bank.

For this to happen, the customers must also be able to assess both the risks and the potential benefits of such actions (e.g. control with which entity they are sharing the data in order to identify them and their profile faster). The TRAPEZE platform will provide an easy and user-friendly way in which citizens can manage their data privacy policies and also review which entity has the consent to access which sensitive data from them and for which purpose.

As a result, Customers’ Digital ID Wallet can improve the citizens’ overall awareness of their data security and privacy risks, making them active players in the protection of their own data and finances.

Authors: Lauro Vanderborght (Digitaal Vlaanderen), Martin Kurze (Deutsche Telekom) and Ramon Martin de Pozuelo (CaixaBank).

The workshop was divided into several sessions, starting with an introduction to the TRAPEZE project by Alexander Vasylchenko of Tenforce, followed by Sander Verhaeven of Digital Flanders on their use case for secure diploma sharing. Piero Bonatti from CINI then gave a talk about sticky policies and how they are used in TRAPEZE.

Other topics covered included “The Platform Personal Data Inventory – AI-driven data discovery, classification and identity correlation” and “ID Wallet – Self-sovereign identity and consent management tool” both presented by Tenforce.  

The workshop concluded with a discussion among attendees on security and privacy-oriented personal data processing. The TRAPEZE Workshop provided a valuable platform for the experts to exchange ideas and discuss current and future challenges in the field of secure data processing particularly applied to the use of a governmental organisation such as Digital Flanders.

One of the world’s most prominent conferences on Intellectual Property is the WorldIPForum (WIPF). The organizers of the 2023 event in Bangkok, Thailand, approached TRAPEZE asking for a substantial contribution to the conference and possibly other means of collaboration. Dr. Martin Kurze, Deutsche Telekom’s representative in the TRAPEZE project, used the opportunity to present and promote TRAPEZE and the EU’s approach to protecting citizens’ personal data while enabling businesses based on the same data.

From 10 to 12 October 2022, the IP community met and listened to the results of the TRAPEZE project. Martin Kurze gave an invited presentation on the “EU Innovation Action TRAPEZE”, highlighting the advanced and flexible concept of privacy policies and the “real world/industrial” use of the results (see photo 1). The information and suggestions were positively received by representatives of the various industries and government agencies present.

An interesting side benefit was a fruitful exchange about the various legal contexts of the companies/participants present: most participants considered the European GDPR as a model for other world regions. The GDPR was recognized not only as the first, but also as a very well thought-out and powerful regulation. The general opinion was: If we can make our (IT) processes EU-/GDPR compliant, we can do it anywhere. Moreover, TRAPEZE-style policies were seen as a very valuable approach to protect citizens’ rights while still enabling legal and fully transparent data sharing.

The presentation and the subsequent discussion also showed that the idea behind the TRAPEZE language also appeals to professionals from other disciplines such as patent attorneys and IP law experts.

Privacy as a subject of investigation and discussion was also the focus of a WIPF panel discussion: “The Collision of Data Privacy and Cybersecurity”, moderated by Martin Kurze. Here too, technology and technical issues were discussed as causes of security breaches and the impairment of citizens’ privacy. At the same time, technologies such as the TRAPEZE language and tools were also seen as solutions to these and other challenges.

During this event, TRAPEZE representative Martin Kurze received an award as “Stalwart and Icon of Industry” for the work done in the project and during the conference.

We can conclude that privacy and privacy-aware data monetisation and in particular technological means to promote both, gained relevance and attention at the WIPF conference which shows that TRAPEZE’s work is relevant outside its core target audience and influences the view and perspective of legal experts around the world.

Blog information provided by Martin Kurze

While giving consent is often very easy (we simply tick a checkbox), managing consent is complex, challenging, and cumbersome. We have to navigate menus and privacy settings or even write an email to the controller to express our consent beyond a short “I agree!” The GDPR requires that withdrawing consent must be as easy as giving it. We want to focus on consent management and configuration with our new version of the Privacy Dashboard.

We, therefore, shifted from a data-centric to a more consent-centric design. We found that the TRAPEZE Privacy Dashboard should be a tool to control what data is processed for which purposes. 

Controllers who use the TRAPEZE platform will use the TRAPEZE Policy Language to formalize their privacy policy. The Privacy Dashboard can now process these formalized or machine-readable policies and offers data subjects to configure consent on a more fine-grained level. Navigating through a privacy policy becomes much easier when its contents are presented in an interactive manner.

Interested? See https://dashboard.trapeze-project.eu for a demonstration of the new version of the TRAPEZE Privacy Dashboard and a screencast of the demonstration on Youtube.
Any comments, questions, or feedback? Feel free to contact us.

Related information:
Dynamic consent mechanisms (D4.1) 23 DEC 2021
This deliverable focuses on consent management on the privacy dashboard. A prototype version of the privacy dashboard has been used in the first usability test.

Privacy dashboards – First version (D4.2) 28 FEB 2022
This deliverable reports on the TRAPEZE privacy dashboard, a web application that establishes both transparency and control. Transparency features include data exploration that allows users to display the data usage and potential risks associated with processing. Control features include consent management and incident reporting to limit data usage. The privacy dashboard can generally be understood as a personal data processing limitation dashboard.

Contact:
Philip Raschke, philip.raschke@tu-berlin.de
Tobias Eichinger, tobias.eichinger@tu-berlin.de

Telcos thus face the challenge of maintaining the trust of their customers while withstanding the economic pressure of the market. Usually, telcos are conservative in the best sense of the word (they preserve their customers’ assets).

But from time to time, opportunities arise that can potentially change the market: The applicability of the GDPR was one of those rare events (May 2018, 4 years ago). A project related to TRAPEZE (SPECIAL), laid the basis for privacy policies, and a very active W3C working group (DPV WG) outlined formal and theoretical foundations for defining rules for the use of personal data. TRAPEZE builds on this foundation. So does Deutsche Telekom.

Now, another event is on the horizon: Tracking Cookies on websites will be abandoned (or banned). The concept of “asking” the user for consent via cookie banners is both impractical and, in most cases, illegal. Therefore everyone is looking for alternatives to the creation of user profiles and (even more urgently) to the legal use and sharing of these profiles.

The industry needs alternatives, and the people (users, customers, citizens, etc.) demand more control, more privacy and even more and better services. Google is working on “Topics” and some telcos are exploring “TrustPID“. All these approaches start with the business/monetization perspective and try to ease concerns later or separately.

With Privacy Policies formulated in an open, standardized language, the industry can go the other way:first formulate the rules and restrictions and leave the control and transparency with the user. Then personal data can be monetized accordingly and the user asked for further consent if needed. It is expected that a language and platform like the one developed by TRAPEZE (and SPECIAL), will cover all needs and tools for “consent management” and “data sharing”. Cookies will be obsolete, user-centric rules like policies are the best candidates to preserve privacy and enable data driven business models even beyond the current “OTT” business.

By Martin Kurze

“What happens when experts from two successful H2020 projects share their experience and knowledge? A new idea is born: A ‘fancy’ TRAPEZE use-case, dedicated to a local public transport company, like the ones involved in the CitySCAPE project, to highlight how their end-users, mostly passengers and local public transport companies employees, can benefit from the solutions provided by TRAPEZE.”

You can find the episode on Anchor and Spotify.

Download the leaflet in pdf.

Rigo Wenning from ERCIM/W3C introduced the speakers and the objectives of the workshop, addressing leading-edge research on data markets, data spaces and privacy-related issues. In the European Union, data processing is subject to rules like GDPR and also to constraints from business imperatives. The workshop presented solutions for issues that arise when data is shared or monetized and presents a possible architecture for interoperability and data management for data markets and data spaces. As an example of the research advances made in this area, a use case of intelligent connected vehicles was presented. This workshop also included a presentation on advances in policy management, protection techniques, and also in standardisation of linked data to overcome interoperability issues.

Pierangela Samarati from Università degli Studi di Milano, coordinator of the MOSAICrOWN project (Multi-Owner data Sharing for Analytics and Integration respecting Confidentiality and OWNer control) gave an overview on the architecture developed by the project. An important issue is data wrapping and security. She explained how data wrapping provides protection by disabling the visibility of data for storage and collaborative computations and how this is achieved through intelligent indexing and an authorisation model.

Data sanitization & anonymization is another important part of the MOSAICrOWN architecture, presented by Stefano Paraboschi from the University of Bergamo. He explained that privacy metrics can be based on different privacy definitions and outlined the difficulties that arise when data needs to be anonymised. The presented solution is based on applying an algorithm called Mondrian, a multidimensional anonymization method within the Apache Spark framework, an engine for large-scale data analytics. 

Piero Bonatti, from CINI, and the University of Naples Federico II gave a presentation on data usage policies, developed in the frame of the TRAPEZE project (Transparency, Privacy and Security for European Citizens). He first explained what data usage policies are and how are they used, for instance in the context of the European General Data Protection Regulation (GDPR). He presented use cases related to policies and compliance, such as validation, audit/monitoring, actors, access control, etc. The solution applied in the TRAPEZE project is one simple language to express all policies in a uniform way. He demonstrated this in two examples: (1) First, by showing how privacy policy is expressed in the JSON format and (2) how the objective part of the GDPR is modelled. He then explained why TRAPEZE’s policy language is vocabulary-neutral. The property names and classes used in the policies are not hardwired in the policy language. They are defined in an ontology and TRAPEZE is adopting the vocabularies developed by W3C DPVCG (Data Privacy Vocabularies and Control Community Group). Piero concluded by explaining the advantages of applying formal semantics and how privacy policies can currently be assessed.

Pierre-Antoine Champin from ERCIM/W3C presented how the RDF-star draft standard is bridging the gap between linked data and property graphs in the frame of the MOSAICrOWN project. He introduced the concept of Linked Data and Property Graphs and demonstrated with examples how RDF-star reduces the impedance mismatch between Linked Data and Property Graphs.

Aidan O’Mahony from the OCTO Research Office at Dell Technologies concluded the workshop with a presentation of the use case “Intelligent Connected Vehicles” developed in MOSAICrOWN. He provided insight to the architecture for an automotive scenario involving data owners (drivers) ingesting their data into the data market, consumers accessing data in the data market, and the data market provider offering storage and computation services to data owners and consumers. In this scenario, RDF-star is applied to intelligently connect vehicles.

At the end of the workshop, the presenters had the opportunity to answer questions raised during the online sessions.

The speakers at the EBDVF workshop. From top left: Pierangela Samarati, Stefano Paraboschi, Rigo Wenning, Pierre-Antoine Champin, Aidan O Mahony and Piero Bonatti.

On the one hand, European citizens are confronted with micro-decisions on whom to give consent day in and out. For what purpose, for how long, under which terms. Oh, is there yet again a policy update? On the other hand, data controllers are busy deciphering data protection legislation and more so its vague and rapidly changing implications to their businesses. There does not seem to be a single best solution. In such situations, it often helps to take a step back, breathe, and think.

What is currently happening in the data-centric economy could be comically satirized with the following quote by the philosopher and non-privacy scholar Karl Marx:

 “Die wissen das nicht, aber sie tun es” (“They do not know it, but they are doing it”) – Das Kapital

Indeed, non-knowledge does not seem to imply non-usage. Conversely, the fact that you use money, drive a car, or use a smartphone does not imply that you understand how these things work. “These things” simply have interactional value to the user. It does not matter to the user what they are as long as they can be used.

If we believe in the words by Karl Marx with respect to the abstract concept of money and capital, it might be reasonable to consider its implications with respect to privacy and security. Do we actually know what privacy and security are? Is there value in trying to know? You might be surprised that TRAPEZE answers these questions in the negative!

The TRAPEZE project does not try to answer the question what privacy and security are. Instead, it is agnostic of any concept of privacy and security in the sense that it tries to provide transparency and control to European citizens. Instead of defining privacy and security, TRAPEZE provides technology to see beyond the surface of services to see what personal data is used and for what and even more, tools to control both.

We are currently developing TRAPEZE mobile, a mobile application that allows European citizens to detect cybersecurity threats on their smartphones individually. Once detected, the app provides practical instructions and functionality to remove those threats and avoid them in the future. In brief, it becomes clearer to European citizens what is happening on their devices to adjust accordingly. In the style of Marx: They know it, and they are doing it.

By Tobias Eichinger, tobias.eichinger@tu-berlin.de

The General Data Protection Regulation (GDPR) introduced strong incentives to virtuous personal data processing.  Consequently, companies (and data controllers in general) are looking for automated support in order to comply with the regulation.

TRAPEZE has recently released the first version of its machine-understandable usage policy language: a necessary prerequisite for automating compliance checking.  The policy language can express in a simple and uniform way the privacy policies of controllers, the consent of the data subjects, and objective parts of the GDPR.  Thus, using TRAPEZE’s compliance checker, it is possible to verify whether the controller’s operations comply with data subjects’ consent and with the formalized part of the GDPR.

The internal format of policies is the OWL 2 Web Ontology Language. The formal semantics of OWL2 has been essential to prove with mathematical rigor that the compliance checker returns no false positives and no false negatives. However, policies can be serialized in JSON (JavaScript Object Notation), too, which most developers are familiar with. TRAPEZE’s dashboards translate the machine-understandable formats into a presentation accessible to all citizens.

The policy language does not inherit the complexity of full OWL2. TRAPEZE’s specialized compliance checker is very efficient: it can execute a few thousand compliance checks per second, thereby addressing the most challenging scenarios.

Last but not least, the whole framework is “vocabulary neutral”, that is, the engine can work with different vocabularies of privacy concepts, purposes, legal bases, etc.  This feature makes the policy framework easily adaptable to new application domains (with their specific purposes and data categories) and to different regulations.  Currently, TRAPEZE is adopting the vocabularies developed by the Data Privacy Vocabularies and Controls Community Group of the W3C (https://www.w3.org/community/dpvcg/) covering the basic concepts of the GDPR, as well as purposes and personal data categories of common interest.

The technical details of the policy language and the compliance checker can be found in deliverables D2.1 Policy Language – First version and D2.3 Transparency and compliance checking – First version.

by Piero Bonatti

Following the ‘Secure by design’ principle, the TRAPEZE Dashboard mobile app will be foundationally secure. The protection, able to thwart an overwhelming majority of attack vectors against mobile devices and data, will be implemented through the KMS-SDK five-step approach for securing mobile applications:

1. Assess the device – Risky device settings or rooted devices can simplify successful attacks and data exfiltration. Furthermore, on Android devices, some applications can be recognized as malicious based on their behaviour or reputation. KMS-SDK detects and mitigates the danger.
2. Protect the device –  The Android version of the TRAPEZE Dashboard will be protected through the ‘classic’ Kaspersky anti-malware tool designed to prevent malware from infecting the device, including a scanning that will notify the citizen if a malware attempts to exploit his/her device.
3. Secure the connection – The data exchange between the citizen’s device and remote web resources needs to remain secure at all times. Both Android and iOS versions of the TRAPEZE Dashboard will include KMS-SDK measures like the DNS spoofing checker, the certificate validator, the Wi-Fi safety analysis, and the website reputation analysis.
4. Secure the data – When citizens need to input or store important information using the TRAPEZE Dashboard app, the KMS-SDK secure input and secure storage features will prevent data interception by fraudsters.
5. Protect the application – The KMS-SDK Self-Defence features provide facilities that protect the Android version of the TRAPEZE Dashboard mobile application from exploitation by third parties. The self-defence mechanisms provide for verification of the application’s digital signature, and to detect debugging and attempts to replace the method operations with malicious code.

KMS-SDK is fully integrated with Kaspersky Security Network (KSN), a complex distributed infrastructure dedicated to process cybersecurity-related data streams to deliver the Kaspersky security intelligence to every citizen who is connected to the Internet, ensuring the quickest reaction times, lowest false positive rate and maintaining the highest level of protection. KSN integration complements conventional security techniques for malware and threat detection, so that the TRAPEZE Dashboard mobile app end-users are protected from the latest mobile attacks.

For more details, see also the deliverable Securing citizens smart terminals and online communication – First version

by Amedeo D’Arcangelo

Keycloak is an open-source Identity and Access Management solution targeted towards modern applications and services. It offers features such as Single-Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console. Moreover, it has big community support which guarantees that there are a lot of examples of how to do something.

Some of the strongest points of Keycloak are:

• Administration GUI – Keycloak has the great advantage of providing a GUI enabling direct administration of your data (users, realms, roles, etc.) from a web page.
• Manages all classic authentication protocols – Keycloak manages a whole load of different authentication layers. These include, in particular, OpenID, OpenID Connect, OAuth, and SAML. It is also capable of connecting directly to several types of database (LDAP, Kerberos, etc.).
• An integrated social network gateway – Keycloak supports the possibility of setting up configuring for logging in using social networks.
• Account management with task automation – Added to this is the possibility of directly managing the registration of users and the automatic sending of emails for verification, loss of password and account update.
• Two-factor authentication – In addition, Keycloak supports two-factor authentication, enabling maximum security.

To integrate Keycloak with applications and systems, there is a complete series of “client adapters“. They are libraries that make it very easy to secure applications and services with Keycloak. They are called adapters rather than libraries as they provide tight integration to the underlying platform and framework. To learn more about Keycloak, please visit the official page (www.keycloak.org).

by Dejan Paunović

According to the GDPR, processing personal data must be carried out “in a transparent manner.” As vague as this expression is the concept of software transparency. How can personal data be processed transparently? Disclosing every processing step could lead to a flood of information that overwhelms users, while abstractions and generalizations could lack desired information.

The same is valid for the degree of control offered by the TRAPEZE Privacy Dashboard to its users. Probably everyone encountered at least once a user interface with countless options and inputs to provide. While it is desirable to have many options to express one’s security and privacy preferences, guidance and support contribute to usability as much as the options to choose from reduced to the minimum.

For the first prototype, we defined a simple scenario to showcase the TRAPEZE Privacy Dashboard in which a fictional service (Finder by the company Finder GmbH) processes location information of its users to recommend interesting locations that are nearby. With the help of the dashboard, users can learn who processed what kind of their personal data, for which purposes, and request erasure if necessary.

Interested? See https://dashboard.trapeze-project.eu for a demonstration of the TRAPEZE Privacy Dashboard. Any comments, questions, or feedback? Feel free to contact us.

Contact:
Philip Raschke, philip.raschke@tu-berlin.de

More than sixty Horizon 2020 projects expressed their interest to participate. The TRAPEZE project presented its approach to utilizing Hyperledger channels as a part of the TRAPEZE platform and its interaction concept with Smart Contracts. Other Horizon 2020 projects ARTICONF, MEDINA, StandICT, and BEACON also presented their view on Smart Contracts applications in the use cases.

Besides Horizon 2020 projects, EC Program and Policy Officers (DG CONNECT F3), INATBA, and blockchain standardization experts from ISO TC 307, ETSI PDL, and EBSI.

After the presentations, an open discussion among all the participants touched upon the following questions:

1. A smart contract is not necessarily “smart” nor “contract”;
2. Obstacles to the cross-border use of Smart Contracts in national and EU laws;
3. Expanding use cases of smart contract
4. Need for clear legal frameworks and standardization

Participating in standardization activities is strongly supported by the European Commission. It helps to disseminate and exploit activities while strengthening the overall impact of the TRAPEZE project both in Europe and internationally. All the information, details, and the Agenda can be found on the official Shaping Europe’s digital future website – here: https://digital-strategy.ec.europa.eu/en/events/ict-verticals-and-horizontals-blockchain-standardisation

by Alexander Vasylchenko

Piero Bonatti from Università di Napoli Federico II, presenting “Metadata, Policy and Reasoning” in the frame of the TRAPEZE project. The presentation was recorded during the Workshop on Metadata Interoperability on 27 May 2021 as part of the European Big Data Value Data Week.
Watch the video on YouTube

In the frame of the European Big Data Value Data Week, 32 metadata experts from academia and industry attended the Workshop on Metadata Interoperability on 27 May 2021. The workshop was organised by Rigo Wenning, supported by the European H2020 projects MOSAICrOWN (Multi-Owner data Sharing for Analytics and Integration respecting Confidentiality and OWNer control) and TRAPEZE.

The EBDV Data Week is the spring gathering of the European Big Data Value and Industrial AI research and innovation community. The 2021 Data Week was held online over three days. The well-established event continued in the tradition of promoting opportunities, sharing knowledge and fostering ecosystem development. 

The Metadata Interoperability workshop aimed at exploring ways to make metadata interoperable while ensuring appropriate data protection. Interoperable metadata is crucial to enable data value chains that build up the data economy. The protection of data is key to increase the sharing and processing of data without privacy risks. The workshop chair Rigo Wenning (W3C/ERCIM) introduced a panel of five speakers who presented current research and developments tackling the metadata interoperability challenge.

Pierre-Antoine Champin from Univerisity of Lyon and W3C/ERCIM introduced “Linked Data: principles and perspectives”. He explained how heterogeneous data can be captured into graphs, and why URLs (or IRIs) are a good solution for the disambiguation of labelled graphs. He further explained that Linked Data, as a layer providing interoperability, does not require a change in the underlying metadata production chain. He also briefly presented work in progress at the World Wide Web Consortium – W3C, which includes Decentralized Identifiers (DIDs), content negotiation by profile, and RDF-star (an extension of RDF to make RDF more flexible by allowing metadata of edges).  

Víctor Rodríguez Doncel from Universidad Politécnica de Madrid presented “Metadata operations in Lynx”. Lynx is a European H2020 project that has built a service platform for ontologies applied to different use cases, such as labour law (https://www.lynx-project.eu/). This was achieved by developing a multilingual legal knowledge graph built on an RDF Data model, enriched with annotations, and compliant with the NLP Interchange Format NIF. As a lesson learned, he mentioned the huge effort invested to build the data model. In the future, he will be concentrating on methods for import and export of data and applying a more pragmatic approach for internal operations. This raised the question about how to make data models reusable and to whom public data models should be reported. 

Albert Zilverberg from ATB Bremen GmbH gave an example from the automotive industry with his talk on “Standardization challenges in cross-sectorial data streams”. The European CROSS-CPP project developed an ecosystem for services based on integrated cross-sectorial data streams (https://www.cross-cpp.eu/). The goal was to give data customers access to cyber-physical products (CPP) data streams to build sectorial and cross-sectorial services. This allows data owners to exploit their CPP CPS data, which is their most valuable asset. In a brand-specific data format environment, data customers need one single access point to get access to CPP data with one interface. A solution is the common industrial data model (CIDM) providing one common standard for all kind of CPP data. Albert then presented in detail the CIDM specifications, designed in a layered structure taking into account different types of sensor signals, CIDM measurement channels, etc.  CIDM Data packages contain complex metadata and he discussed the question of what level of harmonization is achievable by CIDM.

Svetla Boytcheva from Sirma AI (Ontotext) spoke about “Metadata in the health care sector”. The EU project EXAMODE – Extreme scale analytics via multimodal ontology discovery and enhancement (https://www.examode.eu) develops prediction and analysis tools for clinical settings and research. Clinical data is highly heterogeneous. The project investigates a digital workflow for a hospital information system using the health interoperability standard HL7 Int, semantic data interoperability standards such as RDF, RDF Star, OWL and SKOS, and technical interoperable standards like JSON and JSON-LD. Ontologies standard classifications are the key challenges for combining heterogeneous data. The development of new ontologies was needed to integrate these ontologies in a portal. New ontologies have been developed for four different diseases.

Piero Bonatti from Università di Napoli Federico II, gave a presentation entitled “Metadata, Policy and Reasoning” summarising the work carried out in the European TRAPEZE project (/). The goal of the project is to give the users control over their data by assuring transparency while legal compliance is automatically checked. He presented the architecture of the TRAPEZE method where privacy policies and consent are considered as metadata. He explained the many requirements for data usage policies and how these policies are being developed satisfying all requirements, leveraging OWL2 and JSON.

The presentations were followed by a lively discussion. The panellists pointed out that the considerable and impressive efforts put into each project clearly show that there is a need for exchanging methods and practices and sharing results on metadata work. The panellists and workshop participants were invited to contact the speakers to discuss and exchange current and future challenges and solutions of metadata interoperability, best practices and developments.

The sessions have been recorded and will be available on BDVA’s YouTube channel at https://www.youtube.com/channel/UC5XVReZ5BY4pcsWJY0nJGvw as well as on the Data Week’s web site https://www.big-data-value.eu/dw21-agenda/

by Peter Kunz

For this reason, we plan to deploy three different use case pilots that will evaluate TRAPEZE’s proposed scalable policy-aware Linked Data architecture under real-world conditions. The conditions imposed will apply to functionality requirements, and just as importantly, to non-functional requirements such as performance, scalability and security. All 3 use case pilots include the processing and aggregation of large amounts of personal data from various data sources, with policies specified at different levels of granularity.

By testing and evaluating the Linked Data architecture through these different scenarios, it must be understood that TRAPEZE’s overall methodology will have to be flexible, robust, scalable and ethically compliant, in order to handle the complexity and heterogeneity of the required data security and privacy solutions, and in order to accommodate the different stakeholders involved in the data value chain.

The three pilots defined and developed in TRAPEZE are coordinated by different use case partners: Informatie Vlaanderen (Belguim), Deutsche Telekom (Germany), CaixaBank (Spain). The use cases are further described as follows:

• Pilot 1 – Informatie Vlaanderen (AIV): “My Citizen Profile”: AIV wants to leverage Linked Data and decentralized principles using a web-based ecosystem that separates data from their applications making use of “Solid” (Streamlining governmental data processes by putting citizens in control of their own data) in the existing user-centric back office and interface of “My Citizen Profile” (an application which provides an overview of all authentic government information). Like TRAPEZE, Solid aims to give users true control over their data. The AIV pilot is an opportunity to demonstrate this mindset and show its complementarity with other approaches to personal data governance and protection.

• Pilot 2 – Deutsche Telekom (DT): Tools & Applications for “Data Intelligence Hub”: DT’s main concern is to make a language for privacy policies and tools available for the Data Intelligence Hub (DIH) but also as integral parts of the DIH data management platform. This enables the DIH to safely deal with personal data in the context of GDPR and other regulations. First applications will be trialed with DT’s approach for consent management, the “group consent clause” which allows customers (i.e. citizens) to grant, revoke and manage their consents for data using and sharing.

• Pilot 3 – CaixaBank (CXB): “Customer ID wallet”: CXB wants to develop a “Customer ID Wallet” with all the features required by GDPR and the company business as well as informed citizens. There is not yet a common platform that gives security privacy control and transparency to clients/citizens and establishes trust among sector stakeholders, knowledge sharing, and its impact remain limited. In terms of possible technical solutions to the challenge, CXB sees tremendous potential in the TRAPEZE platform and its building blocks for establishing it.

The key take-away understanding is that each use case pilot is designed to prove the feasibility of the TRAPEZE scalable policy-aware Linked Data architecture in a realistic business context.

TRAPEZE – Transparency, Privacy and Security for European Citizens

TRAPEZE – Transparency, Privacy and Security for European Citizens – is a European Innovation Action with the ambitious goal of driving a cultural shift in the protection of the European data economy. It aims to achieve this by reconstructing the concepts of control, transparency and compliance through technical and methodological, citizen-first, innovations. The project will lead the way in putting often-misplaced cutting-edge technologies to practical use for the citizens.

As we witness the rise of the digital age and reap the benefits of a data-driven society, our activities, industrial processes, and research amass an unimaginable amount of data. Moreover, data from previously isolated sources are, be it intentionally or accidentally, combined and interlinked and used by companies and public bodies, big and small alike, often behind the corporate/government firewall. This “Deep Web of Data” holds huge potential for the European Digital Single Market and for business, science and society. However, its growth comes at a cost to the very society that created it – it has become immensely difficult, if not impossible, to manage and, hence, keep the data safe. In other words, this struggle for traditional businesses is both impeding progress in the EU economy and has also opened the door for cybercrime; an increasing concern for the European economy and society.

With the ever-increasing pace of data production, citizens in Europe find themselves at the mercy of those controlling the data. By May 2019, data protection authorities in the EU had received 144,376 GDPR-related queries and complaints from the European public. This is an important indicator that citizens are becoming increasingly aware of the data protection regulation, and risks relating to security and privacy. With the increasing awareness, people are taking a more active role in the protection of their own data. While awareness-raising is key in engaging all participants in the protection of citizens’ fundamental rights, a foundation of trust is essential for strengthening society’s overall cyber-resilience. The right tools and guidelines can help to support the will of the citizens and turn the fight against data misuse and cybercrime into a joint effort.

TRAPEZE is aiming to become a lighthouse for European and global initiatives that aspire to deliver citizen-first, cyber-resilient, innovation.

To make this goal a reality, TRAPEZE aims to put citizens’ security and privacy into their own hands by providing them, first of all, with innovative dashboards that will enable fine-grained and dynamic control of their data protection preferences across all relevant controllers. These will be accompanied by transparency and feedback mechanisms that will allow data subjects to comprehend the complex flows of their data and actively participate in the prevention, detection, and reporting of legal noncompliance or incidents, and in exercising their legal rights. Furthermore, to ensure citizens of all groups, skills, and physical abilities can manage and monitor their data flows, TRAPEZE will place a special emphasis on usability, but also privacy preferences and sociological aspects across different member states, seeking to establish a feedback loop with its end-users internationally. This collaboration (or co-production) will enable direct involvement of the EU citizen in the development of privacy-enhancing technologies. Additionally, to contribute to the resilience of European society, we aim to increase awareness and competence through open knowledge, gamification, and micro-learning.

TRAPEZE is significantly different from existing approaches in that it does not attempt to protect the citizen by abruptly reshaping the European digital economy. Instead, it seeks to empower the data subject, while enabling a realistic, steady, transition to a more trustworthy data ecosystem that extends beyond online services and deep into the controllers’ data silos. TRAPEZE aims to enable privacy-aware and privacy-preserving data value chains by leveraging the concepts of linked data graphs and distributed ledgers (blockchain). Linked data will be used to control the handling of the payload data (actual personal data relating to the citizen) stored and processed by controllers’, or processors’ systems, even downstream (re-sharing from controller to controller/processor) in the data value chain. Blockchain technology will ensure compliance and decentralisation of records of processing activities, as well as immutability and non-repudiation of said records (with GDPR compliance in mind). In addition, TRAPEZE aims to secure citizens’ smart terminals and online communication through a software development kit for mobile security.

TRAPEZE’s proposed architecture and tools will be developed and evaluated under real-world conditions in three pilot scenarios in government, telecommunication and IT services, and banking.  All three pilots involve the processing and aggregation of large amounts of personal data from various data sources, with policies specified at different levels of granularity.

TRAPEZE is not starting from scratch, but builds on a decade of EU-funded research in security and privacy, as well as on proprietary solutions and know-how, towards marketable innovations.

Trapeze aims to:

• bring all stakeholders together under a common resilience framework;
• empower citizens with the necessary tools and know-how to manage their security and privacy;
• support the acquisition of citizens’ consent at collection time and the recording of both the data and the metadata with scalable automated compliance checking in mind;
• restore citizens’ trust in the digital economy by enforcing log integrity and non-repudiation;
• reconstruct data lineage and implement transparency by design;
• demonstrate its applicability in three different operating environments of the public, telecom and financial sectors.

The project includes 13 partners from seven European countries: TENFORCE (BE), ERCIM – The European Research Consortium for Informatics and Mathematics (FR), TU Berlin (DE), Informatie Vlaanderen (BE), Deutsche Telekom (DE), CaixaBank (ES), CINI – Consorzio Interuniversitario Nazionale per l’Informatica (IT), Unabhängiges Landeszentrum für Datenschutz, Schleswig-Hostein (DE), Kaspersky Lab Italia (IT), Institute Mihajlo Pupin (RS), IPSOS (BE), Athens Technology Centre (GR) and  E-Seniors Association (FR).

Contact:
Uros Milosevic
Project Coordinator
TENFORCE
Uros.Milosevic@tenforce.com

The TRAPEZE  project  has  received  funding  from  the  European Union’s  Horizon  2020  research  and innovation  programme  under  the  European  Union’s  Horizon  2020  research  and  innovation programme under grant agreement No 883464.