by Ioannis Chrysakis (FORTH-ICS and Ghent University), Giorgos Flouris (FORTH-ICS), Theodore Patkos (FORTH-ICS) and George Ioannidis (IN2 Digital Innovations GmbH)
CAP-A is offering socio-technical tools to promote collective awareness and informed consent, whereby data collection and use by digital products are driven by the expectations and needs of the consumers themselves.
Consumers are currently generating vast amounts of data, mostly through applications installed in smart devices, such as mobile phones and smart TVs. Since much of this data is personal, it is important for users to know everything about the use of their data, including whether apps are compliant with the recently established GDPR legislation, or which device permissions are mandatory and why.
However, this is practically impossible, since the utilisation of such data by apps is usually hidden behind vague privacy policy documents, which are often lengthy, difficult to read (due to the legal terms and definitions they contain) and frequently changing.
At the heart of the CAP-A project [L1] is the hypothesis that data protection can also be powered by society itself. By mobilising consumers to become active players in digital marketplaces and by developing tools to harness our collective power, the adoption of technical and regulatory frameworks can become more effective and ubiquitous, and the market will respond, largely because it is profit-maximising.
To this end, CAP-A is offering socio-technical tools to promote collective awareness and informed consent, whereby data collection and use by digital products are driven by the expectations and needs of the consumers themselves.
The CAP-A tools
In the CAP-A project, we have developed a set of tools that employ crowdsourcing techniques to support consumers in expressing their privacy concerns and expectations (Figure 1), annotating PrP documents (Figure 2), and better understanding privacy-related information regarding the used apps [1].
Figure 1: Expressing privacy expectations in CAP-A.
Figure 2: Annotating the PrP document of an app with CAP-A.
The CAP-A tools are freely available online for anyone to use [L2]. They include a CAP-A portal and an accompanying native Android CAP-A app. The CAP-A project is part of the CAPrice initiative [L3], a grassroots community that exists to apply crowdsourcing solutions to raise awareness about and provide solutions to privacy-related matters.
The CAP-A approach assesses mobile apps along two different metrics (Figure 3), which quantify their privacy-related behaviour as assessed by consumers. To enhance participation and provide motivation for active contribution to the platform, we apply a unified rewarding strategy [2] that includes gamification features for active consumers and developers such as points and tiers for users (Figure 4).
Figure 3: Visual Cues of CAP-A: Community metrics.
Figure 4: Visual Cues of CAP-A: Rewarding Tiers.
Results
The CAP-A portal has digested privacy-related information about more than 19,000 Android apps, which is available for users to explore. During the project, 164 users registered and used the CAP-A portal, whereas 51 users installed the mobile app. Their contributions resulted in the expression of personal expectations for about 567 apps and in 1181 annotations on different Privacy Policy documents.
Beyond the portal and the project website, our communication and dissemination activity has reached hundreds of users in social media, helped grow the CAPrice Community, namely the mailing list by 240% (455 users, as of April 2021) and the total community size, including social media followers, by 143% (1563 users/followers/subscribers, as of April 2021). The CAP-A project appeared in 7 scientific venues and 12 wide public events.
One of the main objectives set at the beginning of the project, i.e., to attract the interest of a considerable number of users to start generating informative privacy norms, has thus been achieved. The CAP-A dashboard, which is encapsulated in the CAP-A portal, provides a wealth of statistics, such as the percentage of consumers who considered it reasonable to allow access to a certain type of data, such as camera or contacts, for a given app category [L4]. This information can be used by stakeholders (e.g., developers, social scientists, policy makers) to conduct analyses and interpret the behaviour and mind-set of various user groups, according to age or other demographic characteristics.
None of this would be possible without consumer participation. So, in order to increase the number of user contributions in the CAP-A tools, it is critical for the formulated CAPrice community to become self-sustainable and grow. Our aim is for consumers to realise that we are all responsible for raising privacy awareness.
Project details
The CAP-A project received funding from the EU Horizon 2020 research and innovation programme under the NGI TRUST grant agreement no 825618. The project began in August 2019 and was planned to run for one year; however, due to the COVID-19 pandemic, an extension until the end of 2020 was granted. The project consortium consisted of FORTH and IN2 Digital Innovations. FORTH is the largest research institute in Greece; FORTH coordinated the project and participated with the Institute of Computer Science (ICS) and the PRAXI Network. IN2 Digital Innovations, is a software development company offering web-based solutions. Through CAPrice, the outcomes of the project will be maintained in the future.
Links:
[L1] https://www.cap-a.eu
[L2] https://www.cap-a.eu/tools/
[L3] https://www.caprice-community.net/
[L4] https://cap-a.eu/portal/#stats
References:
[1] I. Chrysakis et al.: “Evaluating the data privacy of mobile applications through crowdsourcing,” in Legal knowledge and information systems, virtual event, 2020, vol. 334, pp. 219–222.
[2] I. Chrysakis, et al: “REWARD : ontology for reward schemes,” in Proc. of ESWC 2020, Heraklion, Crete, Greece, 2020.
Please contact:
Ioannis Chrysakis, FORTH -ICS,
Tel: +30 2811 391635
