Tender: Systematic Approach for Assessing Online and Mobile Privacy Tools
Greece, 29 December 2015
The scope of this project is to provide a thorough and easy-to-use methodology for the assessment of PETs for the general public, together with its practical application in the area of mobile privacy tools. The successful contractor is expected to:
Develop a systematic approach for the assessment of online and mobile PETs (PETs controls matrix).
Apply the methodology, in co-operation with PETs developers, for the assessment/presentation of at least five (5) tools for mobile privacy (e.g. smartphone apps).
The objectives of this tender are organised into the following tasks:
TASK 1: PETs controls matrix
In this task the prospective contractor will first define the criteria to be taken into account in the assessment of PETs, considering different aspects (e.g. reliability/trustworthiness, security, usability, functionality). Then, for each criterion the type, level and method of assessment will be defined, describing all parameters that need to be considered. Assessment values and scales could also be defined per criterion. Apart from the generic criteria (applicable for all types of PETs), specific functionality criteria will also be defined at least for encryption, secure messaging and anti-tracking tools.
The outcome of this work will be a matrix for assessment/presentation of PETs, including all defined criteria, the particular parameters per criterion, as well as their possible scales/values. The matrix will be provided in a practical form/tool to allow for easy application by PETs developers or independent evaluators, as well as for user-friendly presentation of the results to the general public.
In conclusion, for this task the contractor should:
Define the criteria for the assessment of PETs (generic and specific per PETs type).
Provide a detailed description per criterion of the parameters that need to be assessed, the level and method of assessment, relevant values and scales.
Present all criteria in a controls matrix that could be used for the assessment of different aspects of PETs (e.g. reliability/trustworthiness, security, usability, functionality).
Provide the PETs control matrix in a practical form/tool for easy application by interested parties and user-friendly presentation to the general public.
In order to perform this task, the contractor should take into account ENISA’s previous work on online privacy tools, as well as relevant research and work in the field. Privacy experts with experience on the topic (from academia, data protection authorities, industry) should also be consulted.
It should be mentioned that, for the purpose of the project, emphasis is put on online and mobile PETs, i.e. privacy enhancing tools designed to work during an internet connection and/or tools that protect the privacy of mobile (e.g. smartphone) users.
The outcome of this task will be the first milestone of the project and will be documented in the first draft of Deliverable D1.
TASK 2: Assessment of mobile privacy tools
In this task the contractor will first provide an overview of existing PETs for the protection of mobile users, especially in the areas of encryption, secure messaging and anti-tracking. To this end, relevant mobile apps will be examined covering different operating systems. Then, following the results of task 2, the aim would be to have the PETs control matrix applied by the developers of at least five (5) mobile privacy tools and accordingly present the results. In the course of this exercise, the contractor will evaluate the practical implementation of the proposed methodology and will also assess its potential applicability in the context of privacy certification and privacy seals.
In conclusion, for this task the contractor should:
Provide an overview of PETs for mobile users (mobile privacy tools).
Apply, in co-operation with PETs developers, the PETs controls matrix to at least five (5) mobile privacy tools.
Describe open issues and the potential of further applicability of the proposed methodology, taking also into account the areas of privacy certification and privacy seals.
The outcome of this task will be the second milestone of the project and will be documented in the second draft of Deliverable D1.
Deliverable D1 will provide an integrated presentation of the results of the two tasks (final document).
ENISA will fully support the contractor in the different subtasks. The contractor will collaborate closely with ENISA throughout the elaboration of the study and agree on the chosen solutions.
TASK (on-going) Project management
The contractor should implement an appropriate and efficient project management method. The contractor is expected to submit to ENISA, prior to the Kick Off meeting, detailed Gantt charts and related documentation. These will be reviewed by ENISA.
The Gantt charts and related documentation should include:
Scheduling of all tasks and activities within the tasks.
Milestones and critical activities.
Assignment of experts and person days to tasks and activities.
Identification of possible risks and suggestions to mitigate them.
Quality assurance and peer review measures to ensure high quality results.
The contractor is expected to send monthly progress reports to the ENISA project manager about the project and to schedule two-weekly telephone meetings about the progress. The progress reports should include what has been done in the previous weeks, the status, what is planned for the next two weeks, the risks and suggested solutions and, finally, points on which decisions need to be taken. After meetings, the contractor sends the meeting minutes to the ENISA project manager.
Submission Deadline: 5 February 2016