The EU-funded Privacy Flag project helps people to check that their data is protected online.

Privacy Flag: a smart system that helps check our data is protected

As internet use becomes an integral part of our daily lives, the protection of our personal data is more and more
important. We do not want to - or, often, we cannot - miss out on the services offered by the web, but at the same time
we want our privacy to be respected. A number of laws govern what happens to our data: but how can the owners of
applications and websites be sure that they comply with the EU’s General Data Protection Regulation (GDPR), Swiss data
protection law and US data protection law?

The Privacy Flag project proposes an innovative way of assessing compliance: the Universal Privacy Risk Area Assessment Methodology (UPRAAM), the basis to develop a set of tools to help citizens to check that their rights as data subjects are being respected and access the privacy certification.

The EU has taken the lead internationally by creating a legal framework to protect its citizens’ rights and interests in their personal data: the General Data Protection Regulation (GDPR). However, creating a global privacy protection framework is much more complicated: data collected via the internet can easily be transferred across borders, and many personal data-collecting applications have been developed, and are located, outside the jurisdiction of the EU. Even where privacy protection exists, most people have little experience of applying and enforcing privacy norms.

To tackle this, the Privacy Flag project carried out research to develop the combined potential of crowdsourcing, ICT technologies and legal expertise to protect citizens’ privacy when they visit websites, use smartphone applications, or live in a ‘smart city’. It created a smartphone application, a web browser add-on, and a public website, all connected to a shared knowledge database, to help citizens to monitor and control their privacy. It also created a voluntary mechanism for organisations outside the EU to conform to European Data Protection Law.

Privacy Flag in brief

  • Total Budget: EUR 4,538,437.50 (EU-contribution: EUR 3,142,999.75)
  • Duration: 05/2015-05/2018
  • Countries involved: Greece (coordinator), Switzerland, Denmark, United Kingdom, Serbia, Sweden, Luxembourg

Key figures in the European Union

  • Privacy Flag gathers outcomes from over 20 individual research projects.
  • The project combines “endo-protection”, protecting citizens’ privacy from unwanted external access, and “exo-protection”, providing a collective protection framework.
  • In September 2017 the Commission adopted a cybersecurity package to improve EU cyber resilience and response.

Cybersecurity and trust

While opening up new opportunities for citizens to connect and disseminate information, digital technologies have also brought about new risks. These include increasing cyber-attacks and fraud, stealing data, and attempts to destabilise our democracies. It is crucial to invest in cybersecurity, as trust and awareness are the foundation for a functioning Digital Single Market.

The EU has responded to these challenges, for example by adopting the Directive on Network and Information Security and proposing a new mandate for the European Network and Information Security Agency (ENISA) along with a new framework for certifying cybersecurity in digital products and solutions. The Commission’s proposed new Digital Europe Programme also includes EUR 2 billion of funding for cybersecurity.