Table of contents
The PRISMS project analyses the traditional trade-off model between privacy and security and works towards a more evidence-based perspective for reconciling privacy and security, trust and concern. It has examined how technologies aimed at enhancing security are subjecting citizens to an increasing amount of surveillance and, in many cases, causing infringements of privacy and fundamental rights. PRISMS conducted both a multi-disciplinary inquiry into the concepts of privacy and security and their relationships and an EU-wide survey to determine whether people evaluate the introduction of security technologies in terms of a trade-off. As a result, PRISMS will determine the factors that affect the public assessment of the security and privacy implications of a given security technology. The project is using these results to devise a decision support system (DSS) providing users (those who deploy and operate security systems) insight into the pros and cons, constraints and limits of specific security investments compared to alternatives taking into account a wider society context.
Objectives and Goals
The primary objective of PRISMS is to provide users with a decision support system (DSS) that gives them an insight into the pros and cons of specific security investments compared to a set of alternatives, taking into account a wider societal context.
To achieve this objective, PRISMS has developed a proper conceptual frame that positions security and privacy, trust and concern, in relation to each other, and that is empirically validated by the Europe wide survey.
The PRISMS project will help ensure the security of citizens while respecting fundamental rights, including the protection of privacy and personal data, through its analysis of technologies used for security and privacy, the policy assessment of security and privacy, its criminological and legal analysis, its public discourse analysis as reflected in the media and analysis of existing public opinion surveys.
PRISMS will deliver informed analysis as well as a practical methodology for considering alternative security investments (not simply investments in alternative technologies, but also organisational and policy alternatives), which will be useful for investors and other stakeholders concerned about reconciling security and privacy, trust and concern. The decision support system developed in PRISMS will provide guidelines for a priori reasoning about possible conflicts arising from security decisions and offer possible solutions to those conflicts.
Research & Results
Work package 1 – Developing a common research framework
For most citizens, the meaning of privacy and security seems obvious because they have an implicit feeling about them that some may call “common sense”. However, both are colourful notions. This becomes evident when looking at the definition of the terms and their framing in different scientific disciplines. Therefore, a clear understanding of the terminology and the research questions is necessary. This work package developed a common understanding of the research questions and the terminology used in PRISMS; planned subsequent work packages in detail so that there could be congruence of approach of the partners’ work and, developed a conceptual frame leading to the ultimate development of a decision support system.
Work package 2 – Analysis of security and privacy technologies
This work package provided an overview of current developments and trends in security and privacy technologies and their inter-relationships by collecting and studying technology reports, foresights and roadmaps in the field of security and privacy. It analyses how users attribute meaning to privacy and security technologies. It developed illustrative examples that were used in the survey and monitors relevant developments in security and privacy technologies occurring during the course of PRISMS.
- Preliminary report on technology (D2.1).
- Report on the mutual shaping processes between technologies and conceptions of security (D2.2)
- Final report on current developments on security and privacy technologies (D 2.3)
Work package 3 – Policy assessment of security and privacy
- An overview of privacy and security policy documents in the EU, six Member States and the United States (D3.1 Part I)
- A discourse analysis of selected privacy and security policy documents in the EU (D3.1 Part II)
- Privacy and security in key EU and International policy documents: Updated overview (D3.2)
Work package 4 – Criminological analysis
This work package conceptualised the notions of security and privacy from a criminological perspective and then used this knowledge base to provide input into the development of the survey (on citizens’ perceptions of the relationships and interdependencies between security and privacy), its concepts, questions and hypotheses. This work package will contextualise the survey results based on the criminological knowledge base about crime (control) and public opinion and the results of a qualitative research case study. This work package focuses on how the new surveillance practices in the European field of crime control came into being, what technologies, actors and institutions have been mobilised and involved and what rationalities have come to shape, connect and transform notions of crime control, security and surveillance. A qualitative case study on security in airports has been used to further develop and refine the PRISMS conceptual framework and understanding of citizens’ attitudes and opinions.
- Public assessments of the security/privacy trade-off: a criminological conceptualization (D4.1)
- Final criminological report – To Fly or Not to Fly? – Imposing and undergoing airport security screening beyond the security-privacy trade off (D4.2)
Work package 5 – Privacy, data protection and security from a legal perspective
This work package analysed the legal conceptualisations of privacy and data protection on the one hand, and security on the other. It analysed the legal relationships between privacy and security, and between data protection and security. It provided legal input on issues of privacy, data protection, security and their legal relationship for the preparation and conception of the survey. The consortium carried out a state-of-the-art analysis of legal approaches to privacy and data protection; investigated their relationship; analysed the meaning of both privacy and security from the point of view of constitutional theory and delved into the legal significance of individuals’ choices in relation to privacy, data protection and security.
- Discussion paper on legal approaches to privacy/data protection, security. (D5.1)
- Consolidated legal report on the relationship between security, privacy and personal data in EU law(D5.2)
- Paper on the legal significance of individual choices and the relationship between security, privacy and personal data protection (D5.3)
Work package 6 – Privacy and Security in the Media
There are strong interrelations between public discourses, media reporting and the individual and collective perception of privacy and security. However, for the whole of Europe and even for individual Member States, a continuous and comparative content analysis that identifies discourse patterns and differences between different risks is still a desideratum. Therefore, this work package identifies important topics regarding privacy and security covered in the media, maps the media landscape in Europe and analyses how the media constructs notions of “privacy” and “security” and their impact on citizens’ perceptions.
- Quantitative media analysis report (D6.1)
- Content and discourse analysis of security and privacy reporting in the media (D 6.2)
Work package 7 – Analysis of existing public opinion and social values surveys
In this work package, the consortium analysed existing surveys on privacy, security, surveillance and trust with an evaluation of their reliability, shortfalls and applicability for policy-makers. This research informed the design and development of the survey that the consortium undertook in each EU Member State (under work package 9). This work package involved a detailed analysis of existing public opinion surveys on privacy, security, surveillance and trust, a meta-analysis, a review of survey questioning techniques, shortcomings, lessons learned and longitudinal comparisons, and an analysis of social value surveys.
- Report on existing surveys (D7.1)
Work package 8 – First integration of results
This work package combined and compared the results from all prior work packages and verified them through expert interviews. It developed hypotheses about the public’s privacy and security perceptions to be tested in the survey and developed a concept for the statistical analysis of the survey results.
Work package 9 – Survey of citizens’ privacy and security perceptions
The main task of this work package involved the preparation and conduct of a representative, trans-European survey, including 27,000 telephone interviews to ascertain citizen’s privacy and security perceptions. The preparation involved assessing and refining of hypotheses (through focus groups), designing and testing of questions. Data collection used a quota sampling approach, and employed random digit dialing (RDD) telephone methodology in all countries, using both landline and mobile telephones. This survey will help determine whether people evaluate the introduction of security technologies in terms of a trade-of and the public attitude/opinion in relation to this trade-off/relationship. It will also determine the factors that affect public assessment of the security and privacy implications of a given security technology.
- Report on findings from qualitative focus groups (D9.1)
- Initial findings from the survey (available on request)
Work package 10 – Second integration – Interpretation of results
Work package 10 will carry out advanced statistical analysis to answer the central quantitative questions, test hypotheses and explain the interrelationship between privacy and security attitudes. This work package will put the citizen’s survey results into context. To test and validate our findings in advance of using them for the final stage of the project, the consortium will organize a number of small-scale deliberative workshops. These workshops will discuss, inter alia, the potential risk of dual use of the Decision support system to manipulate public opinion by those wishing to promote or undermine support for security interventions and possible countermeasures to consider when designing the DSS.
- Report on statistical analysis of the PRISMS survey (D 10.1) – expected June 2015
- Analysis of specific hypotheses in the field of surveillance oriented security practices (D 10.2)
Work package 11 – Decision support system
One of the main objectives of PRISMS is to design a “decision support system providing for insight into the pros and cons of specific security investments compared to a set of alternatives taking into account a wider societal context”. The audience of the decision support system is the users, i.e., the stakeholders responsible for security investments.
The decision support system provides support for decision-making, i.e., it is not the decision-making “device” itself. The system has been developed based on methods of risk assessment and stakeholder involvement as elaborated in other domains. The decision support system offers an analytical frame in which pros and cons of the alternatives are weighed in a number of policy-relevant dimensions. The result is a multi-dimensional framework assessing the impact of a specific investment decision against a number of identified alternatives.
- PRISMS Decision Support System (D11.3)
Work package 12 – Dissemination and liaison
This work package focuses on identifying and reaching out to stakeholders to raise their awareness about the research and findings of PRISMS and to encourage them to support the project’s recommendations. A dissemination strategy will elaborate the consortium’s stakeholder engagement and dissemination activities (e.g. project website, press releases, journal article papers, conference presentations, final conference).
- Proceedings of the final conference (D12.3)
- Report on the consortium’s dissemination activity (D 12.4)
- Conference book
The following publications stem from the work completed in the duration of the PRISMS project.
- Friedewald, Michael, Marc van Lieshout, Sven Rung, Merel Ooms and Jelmer Ypma (Forthcoming 2015), “Privacy and Security Perceptions of European Citizens: A Test of the Trade-off Model” in J. Camenisch et al (Eds.), Privacy and Identity 2014, IFIP AICT.
- Huijboom, Noor, and Gabriela Bodea (2015) “Understanding the Political PNR-debate in Europe: A Discourse Analytical Perspective“, Perspectives on European Politics and Society, Vol. 16, 2015.
- González Fuster, Gloria (2014), ‘How Uninformed is the Average Data Subject? A Quest for Benchmarks in EU Personal Data Protection“, IDP Revista de Internet, Derecho y Política, N° 19, November 2014, pp. 92-104, ISSN 1699-8154.
- Székely, Iván, “Surveillance – a megfigyelestol a megfigyelo tarsadalmakig és a megfigyelestudomanyig [Surveillance – From Surveillance to Surveillance Societies and Surveillance Studies]”, Replika, Vol. 89, No. 5, 2014, pp. 7-13.
- González Fuster, Gloria, (2014), “Fighting For Your Right to What Exactly? The Convoluted Case Law of the EU Court of Justice on Privacy and/or Personal Data Protection”, Birkbeck Law Review, Vol. 2 Issue 2, December 2014, pp. 263-278
- Wright, David, and Charles Raab, “Privacy principles, risks and harms”, International Review of Law, Computers & Technology, Vol. 28, No. 3, 2014, pp.277-298.
- Haita, Carolina and Daniel Cameron (2014) “Privacy or Security:A False Choice? European Citizens’ perceptions of privacy, personal data, surveillance and security”, Understanding Society, June 2014, IPSOS MORI pp12-16.
- González Fuster, Gloria and Serge Gutwirth (2014) “Ethics, Law and Privacy: Disentangling Law in from Ethics in Privacy Discourse”, in Proceedings of the 2014 IEE International Symposium on Ethics in Science, Technology and Engineering, 23-24 May 2014, Chicago. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6893376.
- González Fuster, Gloria and Rocco Bellanova (2014), “Edward Snowden: the last Big Brother?”, Opendemocracy.net, 13 May 2014, http://www.opendemocracy.net/can-europe-make-it/gloria-gonz%C3%A1lez-fuster-rocco-bellanova/edward-snowden-last-big-brother
- González Fuster, Gloria (2014), ‘How uninformed is the average data subject? A quest for benchmarks in EU personal data protection” in Balcells, J., Cerrillo i Martínez, A., Peguera, M., Peña-López, I., Pifarré de Moner, M.J., & Vilasau Solana, M. (eds.) Internet, Law and Politics. A decade of transformations. Proceedings of the 10th International Conference on Internet, Law & Politics. Universitat Oberta de Catalunya, Barcelona 3-4 July, 2014. Barcelona: UOC-Huygens Editorial, ISBN: 978-84-697-0826-2, pp. 241-258. http://edcp.uoc.edu/proceedings_idp2014.pdf
- González Fuster, Gloria, The Emergence of Personal Data as a Fundamental Right in the EU, Springer, Dordrecht, 2014.
- González Fuster, Gloria, “La privacidad en Europa. ¿Un debate cada vez más fundamental o cada vez menos?”, TELOS, Revista de Pensamiento sobre Comunicación, Tecnología y Sociedad, Número 97, febrero-mayo 2014, pp. 64-72.
- Barnard-Wills, David, “Security, Privacy and Surveillance in European Policy Documents”, International Data Privacy Law, Vol. 3, No. 3, 2013, pp. 170–180.
- Bellanova, Rocco & Gloria González Fuster, “Politics of Disappearance: Scanners and (Unobserved) Bodies as Mediators of Security Practices”. International Political Sociology, issue 7, 2013, pp.188 – 209.
- de Hert, Paul, Vagelis Papakonstantinou, David Wright and Serge Gutwirth, “The proposed regulation and the construction of principles-driven system for individual data protection”, Innovation: The European Journal of Social Sciences Research, Vol, 26, No. 1-2, pp. 133-144, 2013.
Finn, Rachel L., David Wright, and Michael Friedewald, “Seven types of privacy”, in Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet (eds.),European Data Protection: Coming of Age, Springer, Dordrecht, 2013, pp. 3-32.
- González-Fuster, Gloria and Rocco Bellanova, “European Data protection and the Haunting Presence of Privacy”, Novatica, Special English Edition, 2012/2013. pp. 17-22.
- González-Fuster, Gloria and Serge Gutwirth, “Opening up personal data protection: a conceptual controversy”, Computer Law and Security Review, Vol. 29, 2013, pp. 531-539.
- Szekely, Ivan, “Building our future glass homes – an essay about influencing the future through regulation”, Computer Law and Security Review, Vol, 29, 2013, pp.540-553.
- van Lieshout, Marc, Michael Friedewald, David Wright, and Serge Gutwirth, “Reconciling privacy and security“, Innovation: The European Journal of Social Science Research, Vol. 26, No. 1-2, 2013.
- Friedewald, Michael and Johann Cas, “Bürgersicht auf Sicherheit and Privatheit”, Digma: Zeitschrigt für Datenrecht und Informationssicherheit, 12 Jahrgang, Heft 3, Oktober 2012.
- González Fuster, Gloria, “Security and the future of personal data protection in the European Union“, Security and Human Rights, Vol. 23, No. 4, 2012, pp. 331-342.
- Hallinan, Dara, Michael Friedwald and Paul McCarthy, “Citizens’ perceptions of data protection and privacy in Europe”, Computer Law and Security Review, Vol.28, 2012, pp. 263-272.
- Lagazio, Monica, “The evolution of the concept of security”, The Thinker, Vol. 43, 2012, pp.36-41.
- Wright, David and Charles Raab, “Constructing a surveillance impact assessment”, Computer Law and Security Review, Vol. 28, 2012, pp. 613-626.
The PRISMS project was undertaken by a large and varied consortium of partners from across Europe, including:
Fraunhofer ISI – Project Coordinator
The Fraunhofer Institute for Systems and Innovation Research (ISI) is part of the Fraunhofer Society for the advancement of applied research, the largest organisation for applied research in Europe. Fraunhofer ISI conducts interdisciplinary research at the interface of technology, economy and society under contract to the European Commission, the German Federal Ministry of Education and Research (BMBF), the Office of Technology Assessment at the German Parliament (TAB), other ministries and industrial companies.
Persons involved in the project:
Dr. Michael Friedewald (Project Co-ordinator)
Trilateral Research & Consulting
Trilateral, a niche research and advisory consultancy, specialises in research and providing strategic, policy and regulatory advice on new technologies, privacy, data protection, trust, risk and security issues. Trilateral particularly seeks to help policy-makers improve policy and decision-making in privacy and security, through specialised research and analysis and provide the public and private sectors with practical solutions to address new emerging regulatory and technological challenges. Trilateral has initiated and organised many consortia and proposals under EC FP7 and FP6 programmes.
Persons involved in the project:
Vrije Universiteit Brussel
The interdisciplinary Research Group on Law Science Technology & Society at the Vrije Universiteit Brussel (LSTS), is devoted to analytical, theoretical and prospective research into the relationships between law, science, technology and society. While LSTS’s core expertise is legal, it has a strong experience and track record in legal theory, philosophy of sciences and bio-ethics, and engages in criminological and STS-research too. The LSTS team publishes widely and has been involved in internationally networked research projects. LSTS is the main organiser of the annual “Computers, Privacy & Data Protection” (CPDP) Conferences (www.cpdpconferences.org).
Persons involved in the project:
TNO is the largest Dutch Research and Technology Organisation focusing on applied research, realising impact when addressing societal challenges. As of January 2011, TNO organises its activities in themes, one of the themes being the Information Society. TNO was founded by the Dutch government 80 years ago and has since been a major consultant and research institute on a wide variety of technological and societal challenges for national and European government, leading business companies and societal organisations. It has 4000 researchers working on one of the seven themes of the TNO organisation.
Persons involved in the project:
University of Edinburgh
The University of Edinburgh has an international reputation, with a research ranking in the top five in the UK and first in Scotland. It collaborated in about 180 FP6 projects (€45 million). The School of Social and Political Science (SSPS) embraces Politics and International Relations, Sociology, Science Studies, the Research Centre for Social Sciences, etc. Members of the School have close links with the Institute for the Study of Science, Technology and Innovation (ISSTI), as well as with the law and technology research centre (SCRIPT) in the School of Law.
Persons involved in the project:
Eötvös Károly Policy Institute
The Eötvös Károly Policy Institute (EKINT) is a small research and policy organization created in 2003 by the Soros Foundation in Budapest, in order to establish a novel, unconventional institutional framework for shaping democratic public affairs in Hungary. The Institute is deeply committed to the liberal interpretation of constitutionality, constitutional democracy, and individual rights. EKINT has been a partner in EU-supported projects such as BROAD, ETICA and LiSS COST Action.
Persons involved in the project:
Hogeschool Zuyd (ZUYD) – Infonomics and New Media Research Centre
The Infonomics and New Media Research Centre (INM) is a research unit within the ICT Faculty of Zuyd University of Applied Sciences, specializing in research concerning IT, digitisation and society, with a strong focus on digital identities. INM currently consists of a multi-disciplinary team of teaching staff and researchers, representing a range of disciplines: philosophy, sociology, ethics, law, communication and media theory, computer science and software engineering.
Persons involved in the project:
Ipsos MORI is a full-service market and social research agency based in the UK and is part of the international Ipsos Group. It delivers market and social research for a wide range of public, private and third sector clients using a variety of quantitative and qualitative research techniques. Ipsos MORI is the second largest market and social research agency in the UK and the third largest in Europe and has an extensive international research capacity thanks to strong links with Ipsos companies around the globe. Ipsos MORI is a member of the Market Research Society (MRS), ESOMAR (the European Society for Opinion and Marketing Research), WAPOR (World Association for Public Opinion Research), BPC (British Polling Council) and BMRA (British Market Research Association) and, as such, adheres to their Codes of Conduct.
Persons involved in the project: