Data Protection Concept
The EU introduced the General Data Protection Regulation (GDPR) in 2016 to protect users' privacy. This is an important step, and this project shall introduce students to some of the data protection concepts that are applied in this project. We will further show which privacy protection strategies and tactics are applied and describe how we implemented them.
See also
If you are interested in the topic, you can find more information in the following courses at Ulm University:
Grundlagen des Datenschutzes und der IT-Sicherheit
Privacy Enhancing Technologies
Further literature on the topic:
A Critical Analysis of Privacy Design Strategies, Colesky, Hoepman, and Hillen, 2016, IEEE, DOI 10.1109/SPW.2016.23
Privacy Enhancing Strategies
Minimization
Minimization is an engineering task that limits the recorded data to the minimal set that still allows the tasks to be fulfilled. In particular, data may only be collected for a specific purpose, and processing must be reduced to the lowest possible level. That means processing and storing only the data which is required for the purpose, not storing data longer than necessary, and limiting access to the data to those who really need it. These fundamentals are declared in Article 5 of the GDPR.
For this project, we evaluated how much data is required to offer the features of our product. Then, we tried to limit the required personal information as much as possible. Still, some data is necessary to be able to be accountable towards the authorities. See also the Considerations section below.
Hide
This strategy describes methods that keep data confidential. Typical tactics are pseudonymization, anonymization or encryption. In our implementation we tried to keep users as anonymous as possible. We use a pseudonym, the UUID of their device, to link their data to a user account. The UUID is generated while installing the application. Therefore, the UUID is unique to a device at a given point in time, and using it as an identifier keeps the user anonymous towards the system. This method worked out for almost all features of the app. Unfortunately, there is the Bulletin Board. This feature offers to create adverts, i.e. to sell old books to other students. For accountability reasons, we must authenticate our users to fulfill our duties towards the authorities in case of illegal misbehavior on our platform. As a consequence, a user becomes identifiable from the moment he or she creates an advert in the Bulletin Board.
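The following Python model illustrates how the Minimization and Hide strategies above fit together: a random per-install UUID serves as the pseudonym, each purpose has an allow-list of fields so that nothing else is stored, records carry a retention deadline, and only the Bulletin Board purpose may carry an authenticated identity. It is an added example, not the project's own code; the purpose names ("event_rsvp", "bulletin_board"), field names, retention periods and the identity string are constructed for the illustration.

```python
"""Pseudonymous, minimised storage of per-device data (added example, not project code)."""
import uuid
from datetime import datetime, timedelta, timezone

# Minimisation: allow-list of fields per purpose. Anything not listed is dropped before storage.
# Purposes and fields are constructed for this example.
PURPOSE_FIELDS = {
    "event_rsvp": {"event_id", "attending"},         # pseudonymous feature, no identity attached
    "bulletin_board": {"title", "text", "contact"},  # adverts need an accountable author
}

# Storage limitation: how long a record of each purpose may be kept (constructed values).
RETENTION = {"event_rsvp": timedelta(days=365), "bulletin_board": timedelta(days=90)}


def new_device_pseudonym() -> str:
    """Hide: the pseudonym generated once at install. uuid4 is random, so it reveals nothing about the device."""
    return str(uuid.uuid4())


def minimise(purpose: str, data: dict) -> dict:
    """Keep only the fields the purpose needs; extra fields (e.g. an e-mail address) never reach storage."""
    allowed = PURPOSE_FIELDS[purpose]
    return {k: v for k, v in data.items() if k in allowed}


class Store:
    """In-memory stand-in for the backend database."""

    def __init__(self):
        self.records = []

    def put(self, pseudonym, purpose, data, now, author_identity=None):
        # Accountability: an advert must have an authenticated author.
        if purpose == "bulletin_board" and author_identity is None:
            raise PermissionError("adverts require an authenticated author")
        # Hide: no other purpose may attach an identity to the pseudonym.
        if purpose != "bulletin_board" and author_identity is not None:
            raise ValueError("identity must not be attached to pseudonymous purposes")
        rec = {
            "pseudonym": pseudonym,
            "purpose": purpose,
            "fields": minimise(purpose, data),
            "expires_at": now + RETENTION[purpose],
            "author_identity": author_identity,
        }
        self.records.append(rec)
        return rec

    def purge_expired(self, now):
        """Storage limitation: delete records past their retention deadline; returns how many were removed."""
        before = len(self.records)
        self.records = [r for r in self.records if r["expires_at"] > now]
        return before - len(self.records)

    def identities_linked_to(self, pseudonym):
        """The exposure described for the Bulletin Board: identities the stored data links to this pseudonym."""
        return {r["author_identity"] for r in self.records
                if r["pseudonym"] == pseudonym and r["author_identity"] is not None}


def demo():
    """Run the scenario end to end and return the facts a reviewer would check."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed fixed clock
    store = Store()
    pseud = new_device_pseudonym()
    # Pseudonymous feature: the e-mail field is dropped, nothing but the pseudonym links the record.
    rsvp = store.put(pseud, "event_rsvp",
                     {"event_id": 7, "attending": True, "email": "x@example.org"}, now)
    # An anonymous advert is refused.
    try:
        store.put(pseud, "bulletin_board", {"title": "Old textbook"}, now)
        anonymous_advert_rejected = False
    except PermissionError:
        anonymous_advert_rejected = True
    # An authenticated advert is stored, and from then on the pseudonym is linkable to an identity.
    store.put(pseud, "bulletin_board", {"title": "Old textbook", "text": "good condition"},
              now, author_identity="student-1234")
    linked = store.identities_linked_to(pseud)
    # 100 days later the advert (90-day retention) is purged, the RSVP (365 days) remains.
    purged = store.purge_expired(now + timedelta(days=100))
    return {
        "rsvp_fields": sorted(rsvp["fields"]),
        "anonymous_advert_rejected": anonymous_advert_rejected,
        "linked_identities": sorted(linked),
        "purged": purged,
        "remaining": len(store.records),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is the asymmetry the text describes: every purpose is minimised and time-limited, but only the Bulletin Board purpose attaches an identity, so `identities_linked_to` is empty until the first advert and non-empty afterwards.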
Considerations
This section describes considerations related to the privacy of the user. These considerations shall make developers aware of the risks to users. Furthermore, it shows challenges of modern app development and points towards open issues.
Bulletin Board Identifies Users
The main privacy concerns are related to the Bulletin Board feature. If an intruder gets access to the database, they could possibly generate a profile of a user and link it to the user in case the user published PII while using the Bulletin Board. Also, a user should be careful when entering contact details in adverts of the Bulletin Board, since these are shared publicly over the platform.
Profiling Based on Likes
A user could be profiled regarding their preferences for food, events or news articles. This may also lead to the identification of a pseudonymized user. At the moment we do not allow profiling operations on stored user data and we do not provide analytical operations regarding a user's preferences. A user can set preferences in the app on his or her device, and these are stored locally.