Advertisement

Privacy Policies, Tools and Mechanisms of the Future

  • Vincent Naessens
  • Mehmet Tahir Sandikkaya
  • Jorn Lapon
  • Kristof Verslype
  • Pieter Verhaeghe
  • Girma Nigusse
  • Bart De Decker
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 309)

Abstract

Although many believe that we have lost the battle for privacy, protection of what’s left of the user’s privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize user interaction when deciding whether or not to reveal personal data, privacy policy languages were developed. However, these languages are inadequate and cannot properly deal with the complex interactions between users, service providers, third parties, identity providers and others. Also, tool support for composing and verifying these policies and mechanisms for enforcing them are lagging behind. This paper argues the need for better privacy policies and proposes some solutions. Throughout the paper, our statements are applied to three sample applications in three different domains: e-health, banking and social networks.

Keywords

Service Provider Personal Information Privacy Policy Personal Data Social Networking Site 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Gevers, S., Decker, B.D.: Privacy friendly information disclosure. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 636–646. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Humphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J., Schunter, M., Stampley, D.A., Wenning, R.: The platform for privacy preferences 1.1 (p3p1.1) specification (November 2006), http://www.w3.org/TR/P3P11/
  3. 3.
    Cranor, L., Langheinrich, M., Marchiori, M.: A p3p preference exchange language 1.0 (appel1.0) (April 2002), http://www.w3.org/TR/P3P-preferences/
  4. 4.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Xpref: a preference language for p3p. Computer Networks 48(5), 809–827 (2005)CrossRefGoogle Scholar
  5. 5.
  6. 6.
  7. 7.
    Ardagna, C., Cremonini, M., di Vimercati, S.D.C., Samarati, P.: A privacy-aware access control system. Journal of Computer Security (JCS) 16(4), 369–392 (2008)CrossRefGoogle Scholar
  8. 8.
    Bournez, C., Neven, G.: Draft requirements for next generation policies, Draft version (PrimeLife Project) (2008)Google Scholar
  9. 9.
    Samarati, P.: First research report on research on next generation policies, Version 1.0 (PrimeLife Project) (2009)Google Scholar
  10. 10.
    Bournez, C., Bichsel, P.: First report on standardisation and interoperability overview and analysis of open source initiatives, Deliverable (PrimeLife Project) (2008)Google Scholar
  11. 11.
    Petterson, J.S., Fischer-Hübner, S., Nilsson, N.D.J., Bergmann, M., Kriegelstein, T., Clau, S., Krasemann, H.: Making prime usable. In: Proceedings of the Symposium of Usable Privacy and Security, SOUPS (2005)Google Scholar
  12. 12.
    Pettersson, J.S.: Hci guidelines, Final version (Prime Project) (2008)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Vincent Naessens
    • 1
  • Mehmet Tahir Sandikkaya
    • 1
  • Jorn Lapon
    • 1
  • Kristof Verslype
    • 2
  • Pieter Verhaeghe
    • 2
  • Girma Nigusse
    • 2
  • Bart De Decker
    • 2
  1. 1.Department of Industrial EngineeringKatholieke Hogeschool Sint-LievenGentBelgium
  2. 2.Department of Computer ScienceKatholieke Universiteit LeuvenHeverleeBelgium

Personalised recommendations