PrivacyGuard Research Project
The PrivacyGuard (PGuard) research project supported by the Federal Ministry of Education and Research (BMBF) aims at simplifying the consumer protection of personal data on mobile devices. SRIW is coordinating the interdisciplinary cooperation in this project and contributing its legal expertise.
The PrivacyGuard (PGuard) app and web portal are designed to allow consumers and users to set personal preferences as the parameters to evaluate the risk of apps already used or waiting to be installed.
In this respect, the PGuard app and web portal differ from the established products for analysing malware. PGuard similarly does not offer any concluding legal classification of the apps. Instead, PGuard provides an instrument which (re-)empowers consumers and users, enabling them to decide for themselves how their personal data should be used. To achieve this goal, legal texts – such as, for example, data privacy statements and general terms and conditions – are automatically read and evaluated on the basis of user preferences, and real data streams compared with the data stream rates given.
A concise but more extensive description can be found (in German) under the official summary of the PGuard project (PDF: 453kb) as well as in the official statement (in German) by the Federal Ministry of Education and Research (BMBF).
In 1983, the Federal Constitutional Court was required to rule on the question of personal rights in a census of the then West German population. The Court’s decision, known as the Volkszählungsurteil, became a landmark ruling in German law. Even today, it is fascinating to see the implications identified by the Constitutional Court judges on the individual’s right to what they termed “informational self-determination”. Ever since, data protection has been the subject of debate and discussion in Germany. Moreover, given scandals in recent years over the misuse of data and, in particular, the data collection and processing undertaken by secret services, the right to data privacy has retained a high public profile.
Such cases, not least, have played their part in fuelling changes in the views of users and consumers. Current studies show that – in Germany especially – data protection is a major concern. In this context, however, the behaviour of users and consumers often seems paradoxical, with personal data apparently provided for third parties casually and willingly.
At present, consumers and users see themselves as facing significant challenges:
- a sociocultural pressure to use certain services,
- a time pressure seemingly making it impossible to conduct the necessary research,
- bi-dimensional knowledge asymmetries whereby consumers and users are unable to evaluate the potential value of their data, and lack not only the requisite technical skills to monitor the data-handling processes, but also the means to do so,
- a blunting effect due to the constant need to acknowledge and accept ever longer and more (seemingly) complex legal texts such as, for instance, General Terms and Conditions and data privacy statements.
PrivacyGuard (PGuard) explicitly addresses these challenges for users and consumers. As part of this project, a prototype is being developed to assist users and consumers by providing an overview of the data-handling processes of apps quickly and in easily comprehensible terms.
Here, the project places a particular emphasis on users and consumers taking an active role in protecting their personal data. In an initial step, they define their own preferences for the way their data is processed. These user preferences are then taken as the parameters for a risk evaluation of the apps used. This evaluation not only includes purely technical aspects based on analysing real data streams, but also the results of (semi-)automated analyses of legal texts, i.e., the General Terms and Conditions and the data privacy statements provided by the app operators.
Recent studies, including one by the consumer watchdog magazine Stiftung Warentest, indicate that such an analysis of legal texts is essential. Apps frequently demand access to the personal data of consumers and users even though such data is totally superfluous to the specific function of the app. Here, some flashlight apps which demand access to the user’s contacts and communication content are prominent as especially negative examples.
© Source of the embedded image (smartphone wrapped in a security chain): weerapat1003 – Fotolia.com
Consortium
PrivacyGuard is run by an interdisciplinary consortium. Besides Selbstregulierung Informationswirtschaft e.V. (SRIW), the members of this cooperation are mediaTest digital GmbH, Quadriga Hochschule GmbH and Institut für Angewandte Informatik e. V. (InfAi).
Selbstregulierung Informationswirtschaft e.V. (SRIW)
The three areas of consumer protection, data privacy and apps are closely intertwined. Given the growing importance of the way they are connected, it is hardly surprising that publications regularly address this issue. The following presents a collection of informative articles, websites and essays. Although this collection is regularly updated, it does not claim to be exhaustive. If you have suggestions for additions to the list, they can easily be submitted via our contact form.
- https://mobilsicher.de/ - portal funded by the BMJV for greater security on smartphones and tablets
- Rechtsdurchsetzung im Verbraucherdatenschutz (PDF) - Prof. Dr. Gerald Spindler, Prof. Dr. Christian Thorun, Jörn Wittmann, Friedrich-Ebert-Stiftung (May 2016)
- Trick with treat – Reciprocity increases the willingness to communicate personal data - University of Luxembourg (March 2016)
- Consumer Openness Index 2016 (PDF): Where Do you stand? - study by Open-Xchange and march Communications (March 2016)
- BigData A European Survey on the opportunities and Risks of Data Analytics - study by Vodafone Institut für Gesellschaft und Kommunikation GmbH (January 2016)
- The Economic Risk of Confidential Data on Mobile Devices in the Workplace - study by the Ponemon Institute, sponsored by Lookout Inc (January 2016)
- So gehen Internet-Nutzer in Deutschland mit AGB und Datenschutzbedingungen um - survey by DIVSI (Deutsches Institut für Vertrauen und Sicherheit im Internet) (October 2015)
- c't 2015, issue 9, pp. 130 ff. "Durchleuchtet - Schnüffel-Apps durch Analyse und Monitoring aufdecken" - ways to analyse the data behaviour of apps
- Whitepaper Selbstdatenschutz (PDF) - Forum Privatheit und selbstbestimmtes Leben in der digitalen Welt (Nov. 2014)
- A Mobile Data Breach Could Cost an Enterprise $26.4 Million - result of a study by Lookout Inc together with the Ponemon Institute
- Stiftung Warentest, 3/2016, pp. 57 ff. "Lange Texte, wenig Inhalt" - privacy statements of internet services put to the test