EU Guidance: A systematic approach for assessing online and mobile privacy tools

Purpose

Key Questions: How can online and mobile privacy tools be effectively assessed?

This tool provides a detailed guide to assessing Privacy Enhancing Technologies (PETs) and complies with the updated General Data Protection Regulation 2016/679/EC (GDPR). The guide is to be used in conjunction with the PETs Control Matrix - Assessment Questionnaires and Excel Tool found below.

The "PETs control matrix" is an assessment framework and tool for the systematic presentation and evaluation of online and mobile privacy tools for end users. It relies on a set of assessment criteria, which can be broken down into specific parameters and assessment points that act as indicators of certain properties and features of the tools. A distinction is made between generic and specific criteria. This document draws a number of general conclusions and subsequent recommendations to be considered by all involved stakeholders in the area of PETs and is to be used as a guide for the provided tools:

Contents

  • Executive Summary
  • 1. Introduction
    • 1.1 Background
    • 1.2 Scope and objectives
    • 1.3 Methodology
    • 1.4 Structure
  • 2. PETs assessment criteria: an overview
    • 2.1 Introduction
    • 2.2 Generic and specific criteria
    • 2.3 Putting privacy into practice
    • 2.4 Defining privacy-related characteristics
    • 2.5 Specificities of mobile apps
    • 2.6 The list of assessment criteria: a snapshot
    • 2.7 Assessment methods
  • 3. Generic assessment criteria
    • 3.1 Maturity and stability
      • 3.1.1 Maintenance
      • 3.1.2 Privacy protection
      • 3.1.3 Community support
      • 3.1.4 Audit and review
      • 3.1.5 Summary and assessment methods
    • 3.2 Privacy policy implementation
      • 3.2.1 Access to personal data stored on user's device
      • 3.2.2 Transfer of personal data from user's device
      • 3.2.3 Profiling
      • 3.2.4 Documented privacy policy 
      • 3.2.5 Summary and assessment methods
    • 3.3 Usability
      • 3.3.1 Installation process
      • 3.3.2 Uninstallation process
      • 3.3.3 Use and configuration
      • 3.3.4 Summary and assessment methods
  • 4. Specific assessment criteria
    • 4.1 Secure messaging
      • 4.1.1 End-to-end encryption
      • 4.1.2 Client-server encryption
      • 4.1.3 Security of stored data
      • 4.1.4 Authentication
      • 4.1.5 Anonymous communication
      • 4.1.6 Summary and assessment methods
    • 4.2 Virtual Private Networks
      • 4.2.1 Identity protection
      • 4.2.2 Encryption 
      • 4.2.3 Side effects
      • 4.2.4 Summary and assessment methods 
    • 4.3 Anonymizing networks
      • 4.3.1 Anonymity protection
      • 4.3.2 Encryption
      • 4.3.3 Side effects
      • 4.3.4 Summary and assessment methods
    • 4.4 Anti-tracking tools for online browsing
      • 4.4.1 Blocking of trackers
      • 4.4.2 Data collection
      • 4.4.3 Side effects
      • 4.4.4 Summary and assessment methods
  • 5. The PETs control matrix
    • 5.1 A case study: secure messaging apps 
  • 6. Conclusions and recommendations
  • 7. Bibliography

Publication Date: 2016
Videos: 

9 Steps to prep you for the GDPR