Raschke, P.; Herbke, P. and Schwerdtner, H. (2023). t.ex-Graph: Automated Web Tracker Detection Using Centrality Metrics and Data Flow Characteristics. In Proceedings of the 9th International Conference on Information Systems Security and Privacy, ISBN 978-989-758-624-8, ISSN 2184-4356, pages 199-209.

Tobias Eichinger and Axel Küpper. 2023. Distributed Data Minimization for Decentralized Collaborative Filtering Systems. In Proceedings of the 24th International Conference on Distributed Computing and Networking (ICDCN ’23). Association for Computing Machinery, New York, NY, USA, 140–149.

T. Eichinger and M. Ebermann, “Can We Effectively Use Smart Contracts to Stipulate Time Constraints?,” 2022 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), Newark, CA, USA, 2022, pp. 11-18,

Piero A. Bonatti, Luigi Sauro. Sticky Policies in OWL2: Extending PL with Fixpoints and Transitive Closure. Proceedings of the 19th International Conference on Principles of Knowledge Representation and Reasoning, KR2022, July 31 – August 5, 2022, Haifa, Israel.

Piero A. Bonatti, Luigi Sauro. Tractable Compliance Checking with Negation. 34th International Workshop on Description Logics (DL 2021), 2021

P. A. Bonatti, L. Sauro and J. Langens, “Representing Consent and Policies for Compliance,” 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2021, pp. 283-291.


TRAPEZE poster for download (v. July 2022)
TRAPEZE leaflet v. April 2022

P. A. Bonatti: Using DPVCG’s outcome in TRAPEZE’s compliance framework.
Invited presentation at the periodic meeting of W3C’s Data Privacy Vocabularies and Controls Community Group (DPVCG) on 15/9/2021

Piero Bonatti: Real-time reasoning in OWL2 for GDPR compliance.
IJCAI 2021 – journal track.  Aug 25 and 26, 2021.
Video | Slides

M. Popovic, N. Tomasevic: A blockchain-based platform for keeping logs of citizens’ consents, LAMBDA 2021 PhD Workshop, June 2021

Piero Bonatti from Università di Napoli Federico II, presenting “Metadata, Policy and Reasoning” in the frame of the TRAPEZE project. The presentation was recorded during the Workshop on Metadata Interoperability on 27 May 2021 as part of the European Big Data Value Data Week.

TRAPEZE project presentation at roundtables organized by EC CNECT:
“ICT Verticals and Horizontals for Blockchain Standardisation”, 13 January
“Extension of ICT Verticals and horizontals for Blockchain Standardisation / Smart-Contracts”, 21 April | Blogpost

Public deliverables

Publicly available technical deliverables produced by the project will be available as soon as they are published. The reports are ordered thematically by “Work Packages”.

A good way to consult the project’s development on the technical issues is our GitHub repository

Citizen-Centric Use Cases and Requirements

Citizen-centric use case scenarios – First version (D1.1) 29 JAN 2021
TRAPEZE will implement three use cases provided by three use case partners. Each use case is designed in a way to prove the feasibility of TRAPEZE outcomes in a realistic business context. The use cases are described independently of each other in separate chapters.

Data Protection Requirements – First Version (D1.2) 31 MAY 2021
This report focuses on enhancing the protection of citizen’s rights with particular focus on the data protection related to fundamental rights as laid down in Articles 7 “Respect for private and family life” and 8 “Protection of personal data” of the Charter of Fundamental Rights of the European Union

Security and Privacy Resilience Framework and Guidelines – First version (D1.3) 27 MAY 2021
This report describes the framework for cybersecurity and privacy allowing TRAPEZE stakeholders to prepare for and adapt to threats, and to respond to and recover from incidents.

Platform specification and design (D1.4) 30 APR 2021
This document presents a high-level perspective on the specification and technical design of the TRAPEZE platform, taking into account the citizen-centric use-case scenarios.

Citizen-centric use case scenarios – Second version (D1.5) 27 AUG 2021
This document provides an updated description of the three use cases (pilots) “My Citizen Profile” from Digital Flanders, “Data Intelligence Hub” from Deutsche Telecom and CaixaBank’s “Customers’ ID wallet”.

Data Protection Requirements – Second Version (D1.6) 30 SEP 2021
This deliverable represents the requirements at month 12 of the project where the initial design of the use cases has become available in Deliverable D1.5. These requirements need to be incorporated in the upcoming design cycles and will be continuously refined.

Security and Privacy Resilience Framework and Guidelines – Second version (D1.7) 28 FEB 2022
This report is an update of D1.3 and describes in more detail the framework for cybersecurity and privacy allowing TRAPEZE stakeholders to prepare for and adapt to threats, and to respond to and recover from incidents.

Platform Specification and Design-Second Version (D1.8) 28 FEB 2022
This report is an update of D1.4 about the specification and technical design of the TRAPEZE platform and presents its high-level technical perspective.

Policy Management, Transparency and Compliance

Policy Language – First version (D2.1) 31 MAR 2021
This report introduces the first version of the policy language of TRAPEZE, called PLinst, and– in preparation for the next version of the language – it proposes policy histories as an efficient way to support negation in consent policies.

Sticky Policies – First version (D2.2) 30 AUG 2021
A sticky policy is a machine-readable policy that accompanies the data, regulating its usage and specifying the applicable obligations and organizational constraints as the data migrates across multiple recipients. All kinds of TRAPEZE’s policies can be sticky policies.

Transparency and compliance checking – First version (D2.3) 27 AUG 2021
This first report on reasoning algorithms introduces correct and complete algorithms that support compliance checking for two of the planned new features of TRAPEZE’s policy language, namely instances and negation.

Compliance and explanation engines – First version (D2.4) 27 AUG 2021
The first version of TRAPEZE’s engine can check the compliance and the consistency of policies written in PLinst (see also TRAPEZE deliverable D2.1).

Engine scalability properties – First version (D2.5) 11 AUG 2022
This deliverable reports the result of a systematic performance analysis of TRAPEZE’s reasoner for PLinst (i.e. version 1 of TRAPEZE’s policy language, which extends SPECIAL’s language with instances). The data and code used for the experiments can be found here.

Policy Language – Second version (D2.6) 31 AUG 2022
This report introduces the second version of the policy language of TRAPEZE, called PLT2, which extends SPECIAL’s policy language with instance-valued properties and exceptions in data subject policies.

Sticky Policies – Second version (D2.7) 31 AUG 2022
This report is an update of D2.2 and describes an implementation of a blockchain-based solution on how to make sticky policies (and their evolution) tamper-proof and how to make the connection between the sticky policy and the data tamper-proof.

Transparency and compliance checking algorithms – Second version (D2.8) 31 AUG 2022
This second report on reasoning algorithms introduces correct and complete algorithms for flexible sticky policies, the new feature of TRAPEZE’s policy language.

TRAPEZE Platform, Integration and Components

Securing citizens’ smart terminals and online communication – First version (D3.3) 27 AUG 2021
This deliverable identifies the interactions between the TRAPEZE platform and the citizens via their personal smartphones or tablets and the best ways to protect them through the Kaspersky Mobile Security SDK (KMS-SDK), a multi-layered security framework for building online protection directly into mobile applications.

TRAPEZE Platform – First version (D3.4) 28 FEB 2022
This report describes the interim implementation of the TRAPEZE platform. The interim implementation does not include all components and it is not expected to cover all functionality needed. It is a snapshot of the progress toward the final product at month 18 which will eventually meet the quality standards required for mission-critical software.

Citizen Interaction, User Experience and Sociological Considerations

Dynamic consent mechanisms (D4.1) 23 DEC 2021
This deliverable focuses on consent management on the privacy dashboard ( A prototype version of the privacy dashboard has been used in the first usability test.

Privacy dashboards – First version (D4.2) 28 FEB 2022
This deliverable reports on the TRAPEZE privacy dashboard, a web application that establishes both transparency and control. Transparency features include data exploration that allows users to display the data usage and potential risks associated with processing. Control features include consent management and incident reporting to limit data usage. The privacy dashboard can generally be understood as a personal data processing limitation dashboard.

Usability and accessibility testing report – First version (D4.3) 23 DEC 2021
This report presents the findings of the first round of usability and accessibility testing of the privacy management dashboard that is being developed under TRAPEZE.

Privacy preferences and sociological aspects analysis–first version (D4.4) 23 DEC 2021
This report presents the findings of the survey that was conducted to gain an understanding of European citizens’ attitudes, knowledge and actions with regard to the safety and protection of their personal data. This also includes assessing citizens’ interest in the different citizen-facing tools that are being developed under TRAPEZE.

Data Protection Requirements for the TRAPEZE Privacy Dashboard (Working Document WD1.0) 29 APR 2022

Raising Citizen’s Security & Privacy Awareness and Competence

Security and Data Protection knowledge base – First version (D5.2) 03 MAR 2022
This report explains the security and data protection knowledge base that provides additional information to users of the help desk and the dashboards. It is a database with various kinds of background information and pointers to online texts.

Citizen-centric help desk-First version (D5.3) 30 APR 2022
This report describes the citizen-centric help desk, designed to provide citizens with a central information point for security and privacy topics.

Security & Privacy Awareness and Competence Testing-First Version (D5.4) 09 MAY 2022
This report describes Kaspersky’s K-ASAP training platform created to improve citizens’ Security &
Privacy Awareness and Competence, and how it is tested by the users and evaluated from the users’ perspective.

Use Case Implementation and Platform Evaluation

Public penetration_hacking challenges – First version (D6.3) 26 JUL 2022
This deliverable reports on the challenge to verify that the TRAPEZE infrastructure complies with policies and regulations, and ensures that data are shared only with authorized individuals. The challenge is implemented on the platform and continues until the end of the project. Everyone can participate in the program.

Integrated platform testing – First version (D6.4) 31 AUG 2022
This report presents the results of the TRAPEZE platform evaluation using the methodology of the “Special Transparency and Consent Benchmark”. This report serves as a summary of current tests and results and will be updated regularly as the project advances.