Presentation on theme: "The ‘PAIPPSI’ Research Project « Pour une Analyse Interdisciplinaire des ‘Privacy Policies’ sur les Sites Internet » ‘An interdisciplinary analysis of."— Presentation transcript:
The ‘PAIPPSI’ Research Project « Pour une Analyse Interdisciplinaire des ‘Privacy Policies’ sur les Sites Internet » ‘An interdisciplinary analysis of 'Privacy Policies' on Websites’ F. Le Guel RITM Université Paris Sud Colloque ISN La protection des données personnelles : approche pluridisciplinaire Jeudi 18 décembre 2014 Les Colombages, 12 rue Arthur Rozier, Paris
PAIPPSI : an exploratory project PAIPPSI is a ‘PEPS’ project : ‘Projet Exploratoire Premier Soutien’ Funding : CNRS-Idex Paris-Saclay December 2014/December 2015 An exploratory project aims to promote original interactions between Social Sciences and other sciences such as mathematics, computer science, engineering, etc… to initiate scientific and technological communities in Saclay, with the ability to associate corporate industrial laboratories or start-ups
PAIPPSI : an interdisciplinary project Economists : Grazia Cecere, Nicolas Soulié, Matthieu Manant, Serge Pajak, Alain Rallet, Fabrice Rochelandet, Jean-Michel Etienne, Nessrine Omrani (RITM, U. Paris Sud) Lawyers : Célia Zolinsky, Ola Mohty (DANTE, UVSQ), Alexandra Bensamoun, David Forest, Julie Groffe (CERDI – U. Paris Sud), Claire Levallois-Barth (TPT - Institut Mines-Télécom) Computer scientists : Sophie Chabridon (TSP - Institut Mines- Télécom) Consumers' Association : François Carlier (CLCV - Association nationale de défense des consommateurs et usagers)
The ‘privacy paradox’ (A. Acquisti) 'privacy paradox' : while Internet users are concerned about privacy, their behaviors do not mirror those concerns Discrepancy between stated privacy concerns and actual privacy settings
Issues We talk about the best way to inform citizens about the collection and processing of personal data in the age of the ‘Internet of Things’ and ‘Big Data’ while legislation is evolving…... at the time of criticisms of companies like Facebook, Twitter or Google's…... but without undermining the economic growth !
The firm’s behavior: Two examples of the gap between what is announced by the firm and what it actually does Ghostery TRUSTe
What is announced by ‘Ghostery’
(MIT Technology Review) GhostRank takes note of ads encountered and blocked, and sends that information back to advertisers so they can better formulate their ads to avoid being blocked … and what Ghostery actually does
TRUSTe : an online trust certification : Gap between what is announced by TRUSTe and what it actually does
The contribution of lawyers For lawyers: the content analysis of privacy policies aims to see if what is said by the website is consistent with what the law requires It is needed to qualify (to code, for subsequent statistical processing) the content of a sample of privacy policies in the light of the law: Constitution, convention n° 108 du Conseil de l’Europe du 28 janvier 1981, charte des droits fondamentaux de l’Union européenne, directive n° 95/46/CE et loi du 6 janvier 1978 modifiée… … including the lessons learnt from past experiences: for example, ‘PrimeLife’, ‘P3P’, ‘Privacy Dictionary’; the littérature (i.e. Cranor and al.), article 29 (G29) working party…
The contribution of computer scientists 1.to analyze websites tracking (for example by using and testing confidentiality tools such as ‘LightBeam’ or 'Privacy Dashboard'), 2.to study the collapse of the Platform for Privacy Preferences (P3P) protocol (cf. L. Cranor, 2012), a mechanism to help privacy protection on the Web. “This mechanism relies on the use of machine-readable privacy policies, posted on a website, and interpreted by client-side browser extension.” 3.to define and test a ‘privacy dictionary’ (cf. A. J. Gill & al., 2011).
Our partnership with the CLCV While the citizen is at the center of the debate and remains the supplier of personal data, users’ behavior is often set aside ! Our partnership with CLCV will enable us to focus our analysis in web user behavior
Afterwards ? ANR project-based research H2020 : The EU Framework Program for Research and Innovation New partnerships A new workshop (2015)