The architecture of the VisiOn Privacy Platform (VPP) is shove in the picture below. The VPP will provide services for (i) citizens and (ii) Public Administration (PA). The perspective of the PA is twofold: (i) that of a service provider when interacting with citizens, and (ii) that of a user when relying on other PAs or third parties (external organisations including cross border).
From a citizen’s perspective, the VPP will provide the following services:
- Support the elicitation and analysis of the citizen’s data privacy requirements.
- Demonstrate whether the citizen’s data privacy requirements are consistent (i.e. the citizen does not have conflicting privacy requirements).
- Determine the Privacy Level Agreement (PLA) for the citizen given their data privacy requirements.
- Provide useful insights on the economic value of their digital data and social footprint.
- Undertake privacy threat and trust analysis to make the citizen aware of the privacy risks and the level of trustworthiness that can be placed on PAs that require private data and therefore assisting decisions regarding data sharing. The analysis will consider the interplay between the trust level and the required privacy level, providing suggestions to the user.
- Notify the citizen whether the PA complies with relevant European laws and regulations.
- Monitoring the citizen data privacy level provided by the PA and then guarantees enforcement of their PLA.
- Enable the citizen to check whether their PLA is conflicting with SLAs defined by PA departments for services they provide.
- Allow the citizen to visualise all of the above functionalities therefore supporting privacy-related decisions.
From a Public Administration’s (PA’s) perspective, the VPP will provide the following services:
- Enable assessment of the PA’s privacy requirements with respect to the aggregated user data.
- Determine the Privacy Level Agreement (PLA) of the PA.
- Undertake privacy threat and trust analysis to make the PA aware of the privacy risks and the level of trustworthiness they should place on organisations (third parties the PA interacts with) with whom they might share information and to the different groups of PA employees.
- Inform the PA whether relevant European laws and regulations are satisfied by other PAs they share the user data with.
- Monitor the data privacy level provided by other PAs that the PA under consideration exchanged data with and guarantee enforcement of its PLA.
- Allow the PA to visualise all of the above functionalities.
The VisiOn Privacy Platform (VPP) consists of a series of components (both front-end and back-end).