From green to red
‘Based on user preferences we came up with a simple label, comparable to an energy label,’ explains Barth. ‘The score is assigned based on how the service collects and shares data, based on what level of control users have and the level of security provided to protect the data. What kind of information is collected and why? Is it anonymized? Can users opt-out of sharing their data? The privacy label summarizes answers to these – and many more – questions.’
For example, if an online service only uses data for functionality, it doesn’t receive any penalty points and is given the best rating: A. Does it use data for customization? Then it gets one penalty point and is downgraded to B. And so on. ‘The label is based on the total amount of penalty points,’ clarifies Barth. ‘The final rating is a visual indication of risk – green for the lowest risk, dark red for the highest.’
After five years of development, the Privacy Rating is now ready to be used. ‘For now, online providers can fill in a questionnaire and their answers determine their rating. Here we have to trust the honesty of the service providers. In order to make the tool more reliable and less subjective, we are looking for partners who can act as an independent approval authority and support us to maintain and disseminate the tool,’ says Barth.
‘We are still searching for the right way to implement the tool in practice,’ adds the UT scientist. ‘However, users told us they really appreciated it, that it’s something that is currently missing. It won’t change the business model of large companies, such as Google, but it works very well for smaller enterprises. Imagine that you are interested in three similar apps, but each has a different privacy rating. Then you might choose the one with a better score. It can also help companies to find a better way to handle user data. We think it is a great tool with a lot of potential and we hope to make it a European standard.’
Privacy Rating project
The NWO-funded project involves scientists from the Services and CyberSecurity Group (EEMCS faculty), as well as from various groups at the BMS Faculty at the UT, namely Professor Hartel, Dan Ionita, Susanne Barth, Professor Menno de Jong and Professor Marianne Junger.