According to the article 13 of the General Data Protection Regulation (GDPR), we give in the following information on the data we collect.
1) The representative of the person in charge of the treatment is the CEO of Inria.
2) The commissioner to the data protection at Inria is Anne Combe - firstname.lastname@example.org - postal address: Inria , 2004 route des lucioles, BP 93, 06902 Sophia-Antipolis cedex, France.
3) The ElectroSmart app is collecting the following data:
- the signal received power measured periodically by the smartphone, e.g., every 20 minutes. Measured signals can be, depending on the smartphone compatibility, Wi-Fi, Bluetooth, GSM, CDMA, 3G et 4G;
- information on the emitting infrastructures (access point name, base station ID, etc.);
- the localisation and the orientation of your smartphone when the measurement is made;
- the smartphone brand, model, and Android version;
- information on you app usage;
- information you accept to share with use, such as first name, email address, age, sex, how do you feel with waves.
4) The only one person who can access the collected data are members of the ElectroSmart team.
5) No data is shared with a third party country or organisation.
6) We store your data for 5 years after your last synchronization and a maximum of 10 years after the first synchronization. We keep your data in particular for scientific exploitation.
7) You can access your data or request their deletion. You also have a right of opposition, of a right of rectification and a right to processing of your data (see CNIL for more information about your rights).
To ask any question or to exercise your rights, you can contact the DPD
by email: email@example.com
or on the following postal address
La déléguée à la protection des données
Inria, 2004 route des Lucioles, BP 93, 06902 Sophia-Antipolis
8) At any time you can decide suppress all the collected data.
9) If you feel, after contacting us, that your rights are not respected or that the treatment does not comply with the data protection rules, you can send a complaint to the CNIL.
10) This data collection is done on the basis of volunteering. Cette collecte de données s'effectue sur la base du volontariat. You are in no way required by regulation, contractual or other to provide your data.
11) This treatment generates no profiling or decision-making automated information about you from your data and processing of these.
As a research project, we will collect, store, process and analyze your data to improve the accuracy of your exposition report. We will publish our findings online and in academic publications. However, keep in mind that we do not collect any personal information and that all published information is aggregated.
You will never find a project or a company claiming that they don't care about your privacy. They all write that they take your privacy very seriously and work hard to protect it. We all know this is not true, and most of us accept it. So you might wonder why this project would be more careful about your privacy. There are three main reasons.
First, to understand why we care about your privacy, you need to understand who we are and what we did before working on this project. The leader of this project, Arnaud Legout, was the leader of the Bluebear project in which we identified privacy issues in widely popular systems such at Skype, BitTorrent, and Tor; we went to press to publicize these issues in order to inform the public. Arnaud Legout is also part of the Meddle project on improving transparency and user control on smartphones. We believe that transparency must be at the core of a privacy preserving policy. Second, we are not collecting sensitive data. Indeed, the best way to protect your privacy is to do not collect sensitive data. Last, we are located in France and all data are stored in an Inria datacenter in France. France is among the most privacy preserving country in the world and has a specific commission, the CNIL, that must validate that any digitally stored information does not infringe the French law on data protection and privacy. This is the reason why all big internet companies never store their data in France (but usually prefer Ireland) for European clients. The ElectroSmart project has been validated by the CNIL and by the Inria Ethical Committee called COERLE.