Skip to main content

PRISMS: Privacy and Security Mirrors

Table of contents

Project Structure

The PRISMS project analyses the traditional trade-off model between privacy and security and works towards a more evidence-based perspective for reconciling privacy and security, trust and concern. It has examined how technologies aimed at enhancing security are subjecting citizens to an increasing amount of surveillance and, in many cases, causing infringements of privacy and fundamental rights. PRISMS conducted both a multi-disciplinary inquiry into the concepts of privacy and security and their relationships and an EU-wide survey to determine whether people evaluate the introduction of security technologies in terms of a trade-off. As a result, PRISMS will determine the factors that affect the public assessment of the security and privacy implications of a given security technology. The project is using these results to devise a decision support system (DSS) providing users (those who deploy and operate security systems) insight into the pros and cons, constraints and limits of specific security investments compared to alternatives taking into account a wider society context.

Objectives and Goals

The  primary objective of  PRISMS is to provide users with a decision support  system (DSS)  that gives them an insight into the  pros  and  cons  of  specific  security investments compared to a set of alternatives, taking into account a wider societal context.

To achieve this objective, PRISMS has developed a proper conceptual frame that positions security and privacy, trust and concern, in relation to each other, and that is empirically validated by the Europe wide survey.

The PRISMS project will help ensure the security of citizens while respecting fundamental rights,  including  the  protection  of  privacy  and  personal  data,  through  its  analysis  of technologies used for security and privacy, the policy assessment of security and privacy, its criminological  and  legal  analysis,  its  public  discourse  analysis  as  reflected  in  the  media  and analysis  of  existing  public  opinion  surveys.

Expected Impact

PRISMS will deliver informed  analysis as well as a practical methodology  for considering  alternative  security  investments  (not  simply  investments  in  alternative technologies,  but  also  organisational  and  policy  alternatives),  which  will  be  useful  for  investors and other  stakeholders concerned about reconciling security and privacy, trust  and  concern.  The decision support system developed in PRISMS will provide guidelines for a priori  reasoning  about  possible  conflicts  arising  from  security decisions and offer possible solutions to those conflicts.

Research & Results

Work package 1 – Developing a common research framework

For most citizens, the meaning of privacy and security seems obvious because they have an implicit feeling about them that some may call “common sense”. However, both are colourful notions. This becomes evident when looking at the definition of the terms and their framing in different scientific disciplines. Therefore, a clear understanding of the terminology and the research questions is necessary. This work package developed a common understanding of the research questions and the terminology used in PRISMS; planned  subsequent work packages in detail so that there could be congruence of approach of the partners’ work and, developed a conceptual frame leading to the ultimate development of a decision support system.

Work package 2 – Analysis of security and privacy technologies

This work package provided an overview of current developments and trends in security and privacy technologies and their inter-relationships by collecting and studying technology reports, foresights and roadmaps in the field of security and privacy. It analyses how users attribute meaning to privacy and security technologies. It developed illustrative examples that were used in the survey and monitors relevant developments in security and privacy technologies occurring during the course of PRISMS.

Work package 3 – Policy assessment of security and privacy

This work package assessed the dominant framework in force in security policy circles concerning security and privacy and analysed the policy approach of the relationship between privacy and security and the perception concerning citizens. Policy documents reveal how security and privacy technologies are perceived by policy-makers, how they reflect certain expectations and ambitions. A discourse analysis of the meanings, expectations and ambitions with regard to the fulfilment of policy ambitions and the use of security/privacy technologies shed light on the perception of security and privacy implications by citizens. This work package includes an inventory of the most relevant security and privacy related policy documents of the past decade within the European Union and selected Member States, a discourse analysis of these documents, followed by monitoring security and privacy policy developments in different contexts.

Work package 4 – Criminological analysis

This work package  conceptualised the notions of security and privacy from a criminological perspective and then used this knowledge base to provide input into the development of the survey (on citizens’ perceptions of the relationships and interdependencies between security and privacy), its concepts, questions and hypotheses. This work package will contextualise the survey results based on the criminological knowledge base about crime (control) and public opinion and the results of a qualitative research case study. This work package focuses on how the new surveillance practices in the European field of crime control came into being, what technologies, actors and institutions have been mobilised and involved and what rationalities have come to shape, connect and transform notions of crime control, security and surveillance. A qualitative case study on security in airports has been used to further develop and refine the PRISMS conceptual framework and understanding of citizens’ attitudes and opinions.

Work package 5 – Privacy, data protection and security from a legal perspective

This work package analysed the legal conceptualisations of privacy and data protection on the one hand, and security on the other. It analysed the legal relationships between privacy and security, and between data protection and security. It provided legal input on issues of privacy, data protection, security and their legal relationship for the preparation and conception of the survey. The consortium carried out a state-of-the-art analysis of legal approaches to privacy and data protection; investigated their relationship; analysed the meaning of both privacy and security from the point of view of constitutional theory and delved into the legal significance of individuals’ choices in relation to privacy, data protection and security.

Work package 6 – Privacy and Security in the Media

There are strong interrelations between public discourses, media reporting and the individual and collective perception of privacy and security. However, for the whole of Europe and even for individual Member States, a continuous and comparative content analysis that identifies discourse patterns and differences between different risks is still a desideratum. Therefore, this work package identifies important topics regarding privacy and security covered in the media, maps the media landscape in Europe and analyses how the media constructs notions of “privacy” and “security” and their impact on citizens’ perceptions.

Work package 7 – Analysis of existing public opinion and social values surveys

In this work package, the consortium analysed existing surveys on privacy, security, surveillance and trust with an evaluation of their reliability, shortfalls and applicability for policy-makers. This research informed the design and development of the survey that the consortium undertook in each EU Member State (under work package 9). This work package involved a detailed analysis of existing public opinion surveys on privacy, security, surveillance and trust, a meta-analysis, a review of survey questioning techniques, shortcomings, lessons learned and longitudinal comparisons, and an analysis of social value surveys.

Work package 8 – First integration of results

This work package combined and compared the results from all prior work packages and verified them through expert interviews. It developed hypotheses about the public’s privacy and security perceptions to be tested in the survey and developed a concept for the statistical analysis of the survey results.

Work package 9 – Survey of citizens’ privacy and security perceptions

The main task of this work package involved the preparation and conduct of a representative, trans-European survey, including 27,000 telephone interviews to ascertain citizen’s privacy and security perceptions. The preparation involved assessing and refining of hypotheses (through focus groups), designing and testing of questions. Data collection used a quota sampling approach, and employed random digit dialing (RDD) telephone methodology in all countries, using both landline and mobile telephones. This survey will help determine whether people evaluate the introduction of security technologies in terms of a trade-of and the public attitude/opinion in relation to this trade-off/relationship. It will also determine the factors that affect public assessment of the security and privacy implications of a given security technology.

Work package 10 – Second integration – Interpretation of results

Work package 10 will carry out advanced statistical analysis to answer the central quantitative questions, test hypotheses and explain the interrelationship between privacy and security attitudes. This work package will put the citizen’s survey results into context. To test and validate our findings in advance of using them for the final stage of the project, the consortium will organize a number of small-scale deliberative workshops. These workshops will discuss, inter alia, the potential risk of dual use of the Decision support system to manipulate public opinion by those wishing to promote or undermine support for security interventions and possible countermeasures to consider when designing the DSS.

Work package 11 – Decision support system

One of the main objectives of PRISMS is to design a “decision support system providing for insight into the pros and cons of specific security investments compared to a set of alternatives taking into account a wider societal context”. The audience of the decision support system is the users, i.e., the stakeholders responsible for security investments.

The decision support system provides support for decision-making, i.e., it is not the decision-making “device” itself. The system has been developed based on methods of risk assessment and stakeholder involvement as elaborated in other domains. The decision support system offers an analytical frame in which pros and cons of the alternatives are weighed in a number of policy-relevant dimensions. The result is a multi-dimensional framework assessing the impact of a specific investment decision against a number of identified alternatives.

Work package 12 – Dissemination and liaison

This work package focuses on identifying and reaching out to stakeholders to raise their awareness about the research and findings of PRISMS and to encourage them to support the project’s recommendations. A dissemination strategy will elaborate the consortium’s stakeholder engagement and dissemination activities (e.g. project website, press releases, journal article papers, conference presentations, final conference).

Publications

The following publications stem from the work completed in the duration of the PRISMS project.

2015

2014

  • González Fuster, Gloria and Serge Gutwirth (2014) “Ethics, Law and Privacy: Disentangling Law in from Ethics in Privacy Discourse”, in Proceedings of the 2014 IEE International Symposium on Ethics in Science, Technology and Engineering, 23-24 May 2014, Chicago. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6893376.
  • González Fuster, Gloria (2014), ‘How uninformed is the average data subject? A quest for benchmarks in EU personal data protection” in Balcells, J., Cerrillo i Martínez, A., Peguera, M., Peña-López, I., Pifarré de Moner, M.J., & Vilasau Solana, M. (eds.) Internet, Law and Politics. A decade of transformations. Proceedings of the 10th International Conference on Internet, Law & Politics. Universitat Oberta de Catalunya, Barcelona 3-4 July, 2014. Barcelona: UOC-Huygens Editorial, ISBN: 978-84-697-0826-2, pp. 241-258. http://edcp.uoc.edu/proceedings_idp2014.pdf

2013

  • Finn, Rachel L., David Wright, and Michael Friedewald, “Seven types of privacy”, in Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet (eds.),European Data Protection: Coming of Age, Springer, Dordrecht, 2013, pp. 3-32.
  • van Lieshout, Marc, Michael Friedewald, David Wright, and Serge Gutwirth, “Reconciling privacy and security“, Innovation: The European Journal of Social Science Research, Vol. 26, No. 1-2, 2013.

2012

  • Lagazio, Monica, “The evolution of the concept of security”, The Thinker, Vol. 43, 2012, pp.36-41.

Consortium

The PRISMS project was undertaken by a large and varied consortium of partners from across Europe, including:

Fraunhofer ISI – Project Coordinator

The Fraunhofer Institute for Systems and Innovation Research (ISI) is part of the Fraunhofer Society for the advancement of applied research, the largest organisation for applied research in Europe.  Fraunhofer  ISI  conducts  interdisciplinary  research  at  the  interface  of  technology, economy  and  society under  contract  to  the  European  Commission,  the  German Federal Ministry  of  Education and  Research (BMBF),  the  Office  of  Technology  Assessment at  the German Parliament (TAB), other ministries and industrial companies.

Persons involved in the project:

Dr.  Michael  Friedewald  (Project  Co-ordinator)

Dr.  Simone  Kimpeler

Dara  Hallinan

Jana Schuhmacher

Kerstin Goos

Trilateral Research & Consulting

Trilateral, a niche research and advisory consultancy, specialises in research and providing strategic, policy and regulatory advice on new technologies, privacy, data protection, trust, risk and security issues. Trilateral particularly seeks to help policy-makers improve policy and decision-making in privacy and security, through specialised research and analysis and provide the public and private sectors with practical solutions to address new emerging regulatory and technological challenges. Trilateral has initiated and organised many consortia and proposals under EC FP7 and FP6 programmes.

Persons involved in the project:

David Wright

Kush Wadhwa

Rachel Finn

David Barnard-Wills

Hayley Watson

Vrije Universiteit Brussel

The  interdisciplinary  Research  Group  on  Law  Science  Technology  &  Society  at  the  Vrije Universiteit  Brussel  (LSTS),  is  devoted  to  analytical,  theoretical  and prospective  research  into  the  relationships  between  law,  science,  technology  and  society. While LSTS’s core expertise is legal, it has a strong experience and track record in legal theory,  philosophy  of  sciences  and  bio-ethics,  and  engages  in  criminological  and  STS-research too. The LSTS team publishes widely and has been involved in internationally networked research projects. LSTS is the main organiser of the annual “Computers, Privacy & Data Protection” (CPDP) Conferences (www.cpdpconferences.org).

Persons involved in the project:

Serge  Gutwirth

Paul De Hert

Kristof  Verfaillie

Gloria González Fuster

Jenneke Christiaens

Francesca Menichelli

Imge Ozcan

TNO

TNO is the largest Dutch Research and Technology Organisation focusing on applied research, realising impact when addressing societal challenges. As of January 2011, TNO organises its activities in themes, one of the themes being the Information Society. TNO was founded by the Dutch government 80 years ago and has since been a major consultant and research institute on a wide variety of technological and societal challenges for national and European government, leading business companies and societal organisations. It has 4000 researchers working on one of the seven themes of the TNO organisation.

Persons involved in the project:

Marc van Lieshout

Gabriela Bodea

Anne Fleur van Veenstra

Bas van Schoonhoven

University of Edinburgh

The University of Edinburgh has an international reputation, with a research ranking in the top five in the UK and first in Scotland. It collaborated in about 180 FP6 projects (€45 million). The School of Social and Political Science (SSPS) embraces Politics and International Relations, Sociology, Science Studies, the Research Centre for Social Sciences, etc. Members of the School have close links with the Institute for the Study of Science, Technology and Innovation (ISSTI), as well as with the law and technology research centre (SCRIPT) in the School of Law.

 

Persons involved in the project:

Professor Charles D. Raab

Eötvös Károly Policy Institute

The  Eötvös  Károly  Policy  Institute  (EKINT)  is  a  small  research  and  policy  organization created  in  2003  by  the  Soros  Foundation  in  Budapest,  in  order  to  establish  a  novel, unconventional institutional framework for shaping democratic public affairs in Hungary. The Institute  is  deeply  committed  to  the  liberal  interpretation  of  constitutionality,  constitutional democracy, and individual rights. EKINT has been a partner in EU-supported projects such as BROAD, ETICA and LiSS COST Action.

Persons involved in the project:

Dr.  Iván  Székely

Dr. Szonja Navratil

Dr. Erik Uszkiewicz

 

Hogeschool Zuyd (ZUYD) – Infonomics and New Media Research Centre

The Infonomics and New Media Research Centre (INM) is a research unit within the ICT Faculty of Zuyd University of Applied Sciences, specializing in research concerning IT, digitisation and society, with a strong focus on digital identities. INM currently consists of a multi-disciplinary team of teaching staff and researchers, representing a range of disciplines: philosophy, sociology, ethics, law, communication and media theory, computer science and software engineering.

Persons involved in the project:

Dr. Irma van der Ploeg

Dr. Jason Pridmore

Dr. Govert Valkenburg

Ipsos MORI

Ipsos MORI is a full-service market and social research agency based in the UK and is part of the international  Ipsos  Group.  It  delivers  market  and  social  research  for  a  wide  range  of public, private and third sector clients using a variety of quantitative and qualitative research techniques.  Ipsos MORI is the second largest market and social research agency in the UK and the third largest  in  Europe  and  has  an  extensive  international  research  capacity  thanks  to  strong  links with Ipsos companies around the globe. Ipsos  MORI  is  a  member  of  the  Market  Research  Society  (MRS),  ESOMAR  (the  European Society  for  Opinion  and  Marketing  Research),  WAPOR  (World  Association  for  Public Opinion  Research),  BPC  (British  Polling  Council)  and  BMRA  (British  Market  Research Association) and, as such, adheres to their Codes of Conduct.

Persons involved in the project:

Gideon  Skinner

Peter Cornick