Data Security Layer: Protecting sensitive data in Citizen Science Apps

In many Citizen Science projects, there are distinct data categories which have a sensitive nature. From endangered species to details about personal lives in social science programmes, working with such data elements requires an additional level of protection and security.

An integrated feature for better data safety in Citizen Science

Together with research projects on the SPOTTERON platform, we have developed a security toolkit, that enables handling sensitive data. In each project's app setup, we can set questions and input options in the data submission dialog as "sensitive," allowing a flexible configuration and even mixtures of regular public data and sensitive private data.

But Citizen Science has a specialty here. The author of a contribution in a project still needs to see her or his own submission and even be able to correct it in such a case. This means that it is not possible to simply remove all sensitive data from an app. The original author as well as user roles like the data moderators or administrators need to be able to access the submitted data in the mobile application, but other users should not. 

Transfer of sensitive data from servers to the Citizen Science App

Data protection begins way before data has arrived in the mobile app or web application. Before being displayed in an app, the data has to be sent over the web to the user's device. The SPOTTERON "Security layer" system protects sensitive data before it transits from servers to the app, as well as displaying submitted information publicly only if a proper authorship clearance has been obtained.

Before a data element is transferred from servers to the client, aka the app, there is an authorization process taking place. The app requests the data element from the server, but as soon as this happens, the system validates if the requesting client is actually allowed to get access to the data. This is the case if the user requesting the data element is the original author, or if she or he has the user role of a project data moderator or administrator. If there is no authorization for data transfer, the data itself is not transmitted.That is the crucial aspect - the data does not arrive at the client's device. Without such an authorization of transfer, there would still be the possibility to read out the data in transmission, which does not take much effort either.

Additionally, all sensitive data transfers are always encrypted between the server and client. On SPOTTERON, we use high security industry standards for encryption, and all sensitive data sent over the web to a device is automatically protected from being read in transit.

From Data Input to Data Display both in the Citizen Science Apps and the Data Administration Interface — the Security layer takes care of transfer authorization and of data filtering to only enable data availability for authors, moderators, and administrators.

Ready for all public engagement projects & app collaborations

This authorization process for data transfer is now an integrated part of all Citizen Science Apps running on the SPOTTERON platform. Together with the project scientists, we can define which data should be handled in a sensitive way and which data should stay public.

With the SPOTTERON Security Layer System, it is possible to ask the hard questions in the social sciences, or to protect sensitive information from being accessible only to those who should not know.

Run practical data security in your app

Run your Citizen Science App on SPOTTERON to utilize data security in your public apps! Get in contact here: