The consumption of a seamless travel experience requires travellers to share their personal data with numerous individual travel and tourism service providers. There is a general lack of guidelines on how travellers should manage their data sharing activities while travelling, which lead to two unwanted situations: 1) travellers simply share their data without understanding the privacy and security risks and consequences; 2) travellers become over-worried about such risks so that they stop sharing data, which reduce their overall travel experience and prevent organisations to provide better (more personalised) services. The wide spectrum of data sharing with many entities including on social media, instant messaging and other online social platforms makes the situations worse as travellers often cannot see a big picture of how they have shared their data in the past to adapt their data sharing behaviour. PriVELT will address the two-sided challenges associated with offering a seamless and highly personalised end-to-end travel experience while balancing the privacy and security needs of leisure travellers. On the one hand, travel service providers need to identify effective ways to incentivise travellers to share personal data in exchange of tangible benefits such as higher quality service, personalised offers, discounts, or add-on services. On the other hand, travellers need to better manage the sharing of their personal data to minimise privacy-related risks while optimising value from a seamless travel experience. Therefore, PriVELT aims to develop an innovative user-centric and privacy-aware digital platform that will empower leisure travellers to better manage the sharing of their personal data with travel service providers and other entities and foster new business opportunities for the travel and tourism industry through encouraging better (more transparent and effective) usage of travellers' data. PriVELT will develop the user-centric platform based on a holistic socio-technical framework of privacy-related traveller behaviour. The framework will provide intervention points to effectively nudge travellers to share their personal data more responsibly. PriVELT draws from theories in social sciences, including consumer psychology and behavioural economics, to better explain how consumers make decisions to disclose personal information in exchange for values. PriVELT also considers travellers' psychological limitation, such as limited understanding of privacy risks, which may induce irrational behaviour in privacy-related decision-making process while traveling. In order to achieve its aim, PriVELT's research will be interdisciplinary, co-created, theory-informed, evidence-based, user-centric, and real world-facing. PriVELT will combine both social and technical methods to collect and analyse data, integrating focus groups and interviews with relevant stakeholders, a panel survey, lab-based user studies, and field studies with real domestic and international travellers (end users) to identify and apply an array of effective nudging strategies to inform travellers with risks and consequences of sharing personal data while traveling. One of the key outcomes will be a digital platform that will be used for: 1) monitoring travellers' data sharing activities; 2) enhancing situational awareness of privacy risks related to data shared; 3) providing an innovative way of achieving dynamic consent management for participants, allowing dynamic updating of the consent while travelling; ; 4) providing better recommendations for travellers to adapt their data sharing behaviours. The digital platform will be composed of three main components: 1) tools at the traveller (user/client) side in the form of a mobile app, 2) an infrastructure and tools at the server side for anonymised data aggregation and analytics purposes, and 3) the API and user interfaces for consumers of data shared by travellers.

The fellowship will examine the science, technology and application of Multi-Party Computation technology in various application domains. MPC is a long standing theoretical construct, which is only now becoming practically realisable. It has the potential to revolutionize the way we enable trust in our computing infrastructure (by distributing trust amongst different parties). It will enable greater privacy aware applications, (by enabling parties to compute on data without holding it `in the clear'), and it will ensure greater security (by providing robust and secure protocols for tasks currently performed in an insecure and ad-hoc manner). It can also enable new business models and applications by allowing parties who currently do not share data resources, to share the said resources without compromising on either privacy or security. The research programme covers a pipeline of work covering the lower TRL levels. We will conduct basic scientific research in the underlying mathematics and protocols, we will conduct research in the systems engineering needed to bring such protocols to an efficient reality, including work on programming tools and models, and finally we will examine potential applications via demonstrators and our industrial advisory board (all of whome have been selected due to their long term interaction with our group and their expertise in specific application domains of MPC).

The IoT represents a convergence of ubiquitous computing and communication technologies, with emerging uses that actuate in the real world. No longer do ubiquitous computing systems simply sense and respond digitally, now they physically interact with the world, ultimately becoming embodied and autonomous. At the same time, the game is changing from one of privacy, where it is often (contestably) cited that "users don't care", to one of user safety, where users (along with regulators, governments, and other stakeholders) certainly do care. Likewise, industry needs to become aware that this shift also changes the legal basis under which companies need to operate, from one of disparate and often weakly enforced privacy laws, to one of product liability. The current widely adopted approach in which cloud services underpin IoT devices has already raised major privacy issues. Importantly in an actuated future, untrammelled communications implicating a plethora of heterogeneous online services in their normal operation also brings with it resilience challenges. We must ensure the integrity of actuating systems, which will require greater local autonomy alongside increased situated accountability to users. This problem applies in many areas: industrial control, autonomous vehicles, and smart cities and buildings, including the intimate and shared context of the home. This research seeks to address the challenge in the context of the home, where the network infrastructure protection is minimal, providing little or no isolation between attached devices and the traffic they carry. Scant attention has been paid by the research community to home network security, and its acceptability and usability, from the viewpoint of ordinary citizens. This research is also deeply rooted in pragmatism and recognises the 'real world, real time' conditions that attach to the IoT: - that the cyber security solutions currently being defined for IoT systems will not deal with legacy issues and will never achieve 100% adoption; - that extant businesses limit the period of time for which they will provide software and security updates (if they even remain in business); - that cyber security is an arms race and threats will continue to emerge in future; - and that the public will never become network security experts.