Objectives: Recent developments of mobile applications with regards to ubiquitous internet connectivity enable the seamless and borderless integration of web services for collecting, linking and analysing all kinds of information anywhere in the world in huge scale. Various geo-location systems allow for the positioning of mobile users whilst biometric, medical and environmental sensors are increasingly integrated in mobile devices. All of these data are constantly generated on mobile devices and can be made available to cloud services in real time. While this new level of information availability provides promising opportunities of improving biometric recognition in general (e.g. by adopting algorithms and system parameters to the known actual context) it also poses strong challenges with respect to privacy. This includes the necessity of services to limit the usage of personal data according to, and strictly limited to, the purposes accepted by users. Furthermore it is necessary that users are actively being informed about the actual usage of their data and they are provided with technical means to effectively adopt their consent (for example, by limiting the data usage). Obviously, this poses a challenge for all highly distributed services processing personal data, however it is particularly relevant for the inherently-privacy related biometric data in mobile scenarios. While the upcoming EU General Data Protection Regulation (GDPR) promises to provide a harmonised legal framework for the processing of sensitive personal data in general in the EU, additional technical concepts will be required that practically enforce the data protection and prevent non-conforming usage of data even outside the legal force of European law. This project addresses research on such new concepts that implement informed consent (“notice and choice”) of users of mobile biometric application by technical mechanisms (privacy by design). The following aspects shall be researched over a period of three years: a) analysis of cross-system data flow with regards to biometric and related personal meta data, information linkage and information leakage, b) elaboration of data protection profiles for biometrics in mobile scenarios, c) concepts of complete presentation and user understanding of linkage of pseudo-anonymised data across systems, d) transparent privacy – design of concepts for managing the use of personal data across systems, informing users regarding the actual usage of their biometric data and explaining the implications: where, how and for which purpose is the data being processed, e) user-determined and user-controlled interference: design of concepts for effective implementation of user rights with regards to personal data protection, f) review of potential cryptographic methods and protocols for implementing the user-determined and user-controlled interference, including limitation to specific geographic areas and partial withdrawal of consent and g) demonstration and evaluation of an exemplary use-case in cooperation with other ESRs.

Expected Results: The expected results will provide insights into the flow of sensitive information in distributed, mobile biometric application scenarios and derive a scheme for a protection profile towards user-centric and self-determined privacy management in mobile biometrics. Furthermore, on a conceptual level, new methods for user understanding of linkage of pseudo-anonymised data, transparent management of actual usage of biometric data and effective technical implementation of user rights will be documented. Based on these conceptual outputs, a review documentation on potential cryptographic methods appropriate for realisation of requirements will be elaborated. Finally, this project will result in the design and implementation of a demonstrator, along with a practical evaluation regarding the achieved privacy gain.

Planned secondment(s): There are two secondments planned for this project. The first is a six-month secondment with UNIROMA3. During this secondment, the basic impact factors for improving recognition accuracy by considering the actual user context will be considered, analysed and structured regarding their privacy relevance and eventually matched and refined against the conceptual output. The output of these secondments are the first versions of the conceptual designs. The expected results of this secondment are: design, setup and implementation of experimental scenarios to study the recognition accuracy under both contextual parameters and a self-determined privacy concept. Based on these scenarios, the researcher will identify relevant cases of inter-dependency of these two design goals and allow the assessment and/or optimisation of focussed case scenarios for the remaining research duration. The second secondment is with SKALLI and will emphasise work towards delivering D6.13 the Industrial Recommendations Whitepaper and Demonstrator on potential Cryptographic Methods appropriate for Realisation of Privacy Requirements. The expected results of this secondment are: joint finalisation of the Industrial Recommendation Whitepaper and the industry-oriented layout of the demonstrator, in context of the requirements and constraints of network service company and reel-world customer needs. Furthermore the researcher will have insights in the practical productivity chain of a commercial enterprise and the challenges and thus gain competences required for a potential career in commercial companies.

Start Date: October 2017