Work package 1 – Developing a common research framework

For most citizens, the meaning of privacy and security seems obvious because they have an implicit feeling about them that some may call “common sense”. However, both are colourful notions. This becomes evident when looking at the definition of the terms and their framing in different scientific disciplines. Therefore, a clear understanding of the terminology and the research questions is necessary. This work package developed a common understanding of the research questions and the terminology used in PRISMS; planned  subsequent work packages in detail so that there could be congruence of approach of the partners’ work and, developed a conceptual frame leading to the ultimate development of a decision support system.

Work package 2 – Analysis of security and privacy technologies

This work package provided an overview of current developments and trends in security and privacy technologies and their inter-relationships by collecting and studying technology reports, foresights and roadmaps in the field of security and privacy. It analyses how users attribute meaning to privacy and security technologies. It developed illustrative examples that were used in the survey and monitors relevant developments in security and privacy technologies occurring during the course of PRISMS.

• Preliminary report on technology (D2.1).
• Report on the mutual shaping processes between technologies and conceptions of security (D2.2)
• Final report on current developments on security and privacy technologies (D 2.3)

Work package 3 – Policy assessment of security and privacy

This work package assessed the dominant framework in force in security policy circles concerning security and privacy and analysed the policy approach of the relationship between privacy and security and the perception concerning citizens. Policy documents reveal how security and privacy technologies are perceived by policy-makers, how they reflect certain expectations and ambitions. A discourse analysis of the meanings, expectations and ambitions with regard to the fulfilment of policy ambitions and the use of security/privacy technologies shed light on the perception of security and privacy implications by citizens. This work package includes an inventory of the most relevant security and privacy related policy documents of the past decade within the European Union and selected Member States, a discourse analysis of these documents, followed by monitoring security and privacy policy developments in different contexts.

• An overview of privacy and security policy documents in the EU, six Member States and the United States (D3.1 Part I)
• A discourse analysis of selected privacy and security policy documents in the EU (D3.1 Part II)
• Privacy and security in key EU and International policy documents: Updated overview (D3.2)

Work package 4 – Criminological analysis

This work package  conceptualised the notions of security and privacy from a criminological perspective and then used this knowledge base to provide input into the development of the survey (on citizens’ perceptions of the relationships and interdependencies between security and privacy), its concepts, questions and hypotheses. This work package will contextualise the survey results based on the criminological knowledge base about crime (control) and public opinion and the results of a qualitative research case study. This work package focuses on how the new surveillance practices in the European field of crime control came into being, what technologies, actors and institutions have been mobilised and involved and what rationalities have come to shape, connect and transform notions of crime control, security and surveillance. A qualitative case study on security in airports has been used to further develop and refine the PRISMS conceptual framework and understanding of citizens’ attitudes and opinions.

• Public assessments of the security/privacy trade-off: a criminological conceptualization (D4.1)
• Final criminological report – To Fly or Not to Fly? – Imposing and undergoing airport security screening beyond the security-privacy trade off  (D4.2)

Work package 5 – Privacy, data protection and security from a legal perspective

This work package analysed the legal conceptualisations of privacy and data protection on the one hand, and security on the other. It analysed the legal relationships between privacy and security, and between data protection and security. It provided legal input on issues of privacy, data protection, security and their legal relationship for the preparation and conception of the survey. The consortium carried out a state-of-the-art analysis of legal approaches to privacy and data protection; investigated their relationship; analysed the meaning of both privacy and security from the point of view of constitutional theory and delved into the legal significance of individuals’ choices in relation to privacy, data protection and security.

• Discussion paper on legal approaches to privacy/data protection, security. (D5.1)
• Consolidated legal report on the relationship between security, privacy and personal data in EU law(D5.2)
• Paper on the legal significance of individual choices and the relationship between security, privacy and personal data protection (D5.3)

Work package 6 – Privacy and Security in the Media

There are strong interrelations between public discourses, media reporting and the individual and collective perception of privacy and security. However, for the whole of Europe and even for individual Member States, a continuous and comparative content analysis that identifies discourse patterns and differences between different risks is still a desideratum. Therefore, this work package identifies important topics regarding privacy and security covered in the media, maps the media landscape in Europe and analyses how the media constructs notions of “privacy” and “security” and their impact on citizens’ perceptions.

• Quantitative media analysis report (D6.1)
  
• Content and discourse analysis of security and privacy reporting in the media (D 6.2)
  

Work package 7 – Analysis of existing public opinion and social values surveys

In this work package, the consortium analysed existing surveys on privacy, security, surveillance and trust with an evaluation of their reliability, shortfalls and applicability for policy-makers. This research informed the design and development of the survey that the consortium undertook in each EU Member State (under work package 9). This work package involved a detailed analysis of existing public opinion surveys on privacy, security, surveillance and trust, a meta-analysis, a review of survey questioning techniques, shortcomings, lessons learned and longitudinal comparisons, and an analysis of social value surveys.

•  Report on existing surveys (D7.1)

Work package 8 – First integration of results

This work package combined and compared the results from all prior work packages and verified them through expert interviews. It developed hypotheses about the public’s privacy and security perceptions to be tested in the survey and developed a concept for the statistical analysis of the survey results.

•  Report on validating the hypotheses: Interviews with privacy and security experts (D8.1)

Work package 9 – Survey of citizens’ privacy and security perceptions

The main task of this work package involved the preparation and conduct of a representative, trans-European survey, including 27,000 telephone interviews to ascertain citizen’s privacy and security perceptions. The preparation involved assessing and refining of hypotheses (through focus groups), designing and testing of questions. Data collection used a quota sampling approach, and employed random digit dialing (RDD) telephone methodology in all countries, using both landline and mobile telephones. This survey will help determine whether people evaluate the introduction of security technologies in terms of a trade-of and the public attitude/opinion in relation to this trade-off/relationship. It will also determine the factors that affect public assessment of the security and privacy implications of a given security technology.

•  Report on findings from qualitative focus groups (D9.1)
• Initial findings from the survey (available on request)

Work package 10 – Second integration – Interpretation of results

Work package 10 will carry out advanced statistical analysis to answer the central quantitative questions, test hypotheses and explain the interrelationship between privacy and security attitudes. This work package will put the citizen’s survey results into context. To test and validate our findings in advance of using them for the final stage of the project, the consortium will organize a number of small-scale deliberative workshops. These workshops will discuss, inter alia, the potential risk of dual use of the Decision support system to manipulate public opinion by those wishing to promote or undermine support for security interventions and possible countermeasures to consider when designing the DSS.

•  Report on statistical analysis of the PRISMS survey (D 10.1) – expected June 2015
• Analysis of specific hypotheses in the field of surveillance oriented security practices (D 10.2)
  

Work package 11 – Decision support system

One of the main objectives of PRISMS is to design a “decision support system providing for insight into the pros and cons of specific security investments compared to a set of alternatives taking into account a wider societal context”. The audience of the decision support system is the users, i.e., the stakeholders responsible for security investments.

The decision support system provides support for decision-making, i.e., it is not the decision-making “device” itself. The system has been developed based on methods of risk assessment and stakeholder involvement as elaborated in other domains. The decision support system offers an analytical frame in which pros and cons of the alternatives are weighed in a number of policy-relevant dimensions. The result is a multi-dimensional framework assessing the impact of a specific investment decision against a number of identified alternatives.

•  PRISMS Decision Support System (D11.3)

Work package 12 – Dissemination and liaison

This work package focuses on identifying and reaching out to stakeholders to raise their awareness about the research and findings of PRISMS and to encourage them to support the project’s recommendations. A dissemination strategy will elaborate the consortium’s stakeholder engagement and dissemination activities (e.g. project website, press releases, journal article papers, conference presentations, final conference).

• Proceedings of the final conference (D12.3)
• Report on the consortium’s dissemination activity (D 12.4)
• Conference book

Publications

The following publications stem from the work completed in the duration of the PRISMS project.

2015

• Friedewald, Michael, Marc van Lieshout, Sven Rung, Merel Ooms and Jelmer Ypma (Forthcoming 2015), “Privacy and Security Perceptions of European Citizens: A Test of the Trade-off Model” in J. Camenisch et al (Eds.), Privacy and Identity 2014, IFIP AICT.
• Huijboom, Noor, and Gabriela Bodea (2015) “Understanding the Political PNR-debate in Europe: A Discourse Analytical Perspective“, Perspectives on European Politics and Society, Vol. 16, 2015.
• González Fuster, Gloria (2014), ‘How Uninformed is the Average Data Subject? A Quest for Benchmarks in EU Personal Data Protection“, IDP Revista de Internet, Derecho y Política, N° 19, November 2014, pp. 92-104, ISSN 1699-8154.

2014

• Székely, Iván, “Surveillance – a megfigyelestol a megfigyelo tarsadalmakig és a megfigyelestudomanyig [Surveillance – From Surveillance to Surveillance Societies and Surveillance Studies]”, Replika, Vol. 89, No. 5, 2014, pp. 7-13.
• González Fuster, Gloria, (2014), “Fighting For Your Right to What Exactly? The Convoluted Case Law of the EU Court of Justice on Privacy and/or Personal Data Protection”, Birkbeck Law Review, Vol. 2 Issue 2, December 2014, pp. 263-278
• Wright, David, and Charles Raab, “Privacy principles, risks and harms”, International Review of Law, Computers & Technology, Vol. 28, No. 3, 2014, pp.277-298.
• Haita, Carolina and Daniel Cameron (2014) “Privacy or Security:A False Choice? European Citizens’ perceptions of privacy, personal data, surveillance and security”, Understanding Society, June 2014,  IPSOS MORI pp12-16.

• González Fuster, Gloria and Serge Gutwirth (2014) “Ethics, Law and Privacy: Disentangling Law in from Ethics in Privacy Discourse”, in Proceedings of the 2014 IEE International Symposium on Ethics in Science, Technology and Engineering, 23-24 May 2014, Chicago. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6893376.

• González Fuster, Gloria and Rocco Bellanova (2014), “Edward Snowden: the last Big Brother?”, Opendemocracy.net, 13 May 2014, http://www.opendemocracy.net/can-europe-make-it/gloria-gonz%C3%A1lez-fuster-rocco-bellanova/edward-snowden-last-big-brother

• González Fuster, Gloria (2014), ‘How uninformed is the average data subject? A quest for benchmarks in EU personal data protection” in Balcells, J., Cerrillo i Martínez, A., Peguera, M., Peña-López, I., Pifarré de Moner, M.J., & Vilasau Solana, M. (eds.) Internet, Law and Politics. A decade of transformations. Proceedings of the 10th International Conference on Internet, Law & Politics. Universitat Oberta de Catalunya, Barcelona 3-4 July, 2014. Barcelona: UOC-Huygens Editorial, ISBN: 978-84-697-0826-2, pp. 241-258. http://edcp.uoc.edu/proceedings_idp2014.pdf

• González Fuster, Gloria, The Emergence of Personal Data as a Fundamental Right in the EU, Springer, Dordrecht, 2014.

• González Fuster, Gloria,  “La privacidad en Europa. ¿Un debate cada vez más fundamental o cada vez menos?”, TELOS, Revista de Pensamiento sobre Comunicación, Tecnología y Sociedad, Número 97, febrero-mayo 2014, pp. 64-72.

2013

• Barnard-Wills, David, “Security, Privacy and Surveillance in European Policy Documents”, International Data Privacy Law, Vol. 3, No. 3, 2013, pp. 170–180.

• Bellanova, Rocco & Gloria González Fuster, “Politics of Disappearance: Scanners and (Unobserved) Bodies as Mediators of Security Practices”. International Political Sociology, issue 7, 2013, pp.188 – 209.

• de Hert, Paul, Vagelis Papakonstantinou, David Wright and Serge Gutwirth, “The proposed regulation and the construction of  principles-driven system for individual data protection”, Innovation: The European Journal of Social Sciences Research, Vol, 26, No. 1-2, pp. 133-144, 2013.

• Finn, Rachel L., David Wright, and Michael Friedewald, “Seven types of privacy”, in Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet (eds.),European Data Protection: Coming of Age, Springer, Dordrecht, 2013, pp. 3-32.

• González-Fuster, Gloria and Rocco Bellanova, “European Data protection and the Haunting Presence of Privacy”, Novatica, Special English Edition, 2012/2013. pp. 17-22.

• González-Fuster, Gloria and Serge Gutwirth, “Opening up personal data protection: a conceptual controversy”, Computer Law and Security Review, Vol. 29, 2013, pp. 531-539.

• Szekely, Ivan, “Building our future glass homes – an essay about influencing the future through regulation”, Computer Law and Security Review, Vol, 29, 2013, pp.540-553.

• van Lieshout, Marc, Michael Friedewald, David Wright, and Serge Gutwirth, “Reconciling privacy and security“, Innovation: The European Journal of Social Science Research, Vol. 26, No. 1-2, 2013.

2012

• Friedewald, Michael and Johann Cas, “Bürgersicht auf Sicherheit and Privatheit”, Digma: Zeitschrigt für Datenrecht und Informationssicherheit, 12 Jahrgang, Heft 3, Oktober 2012.

• González Fuster, Gloria, “Security and the future of personal data protection in the European Union“, Security and Human Rights, Vol. 23, No. 4, 2012, pp. 331-342.
• Hallinan, Dara, Michael Friedwald and Paul McCarthy, “Citizens’ perceptions of data protection and privacy in Europe”, Computer Law and Security Review, Vol.28, 2012, pp. 263-272.

• Lagazio, Monica, “The evolution of the concept of security”, The Thinker, Vol. 43, 2012, pp.36-41.

• Wright, David and Charles Raab, “Constructing a surveillance impact assessment”, Computer Law and Security Review, Vol. 28, 2012, pp. 613-626.