Dismantling the Twelve Privacy Purposes
Purpose appears in all privacy guidelines, codes, policies, and legislations. It plays a central role in many privacy-related systems such as P3P, Hippocratic databases, EPAL, and XACML. We show that the P3P 12 standard purposes mix uses of personal information with acts on personal information and mix uses of personal information privacy with other states of affairs that have several interpretations. Some purposes are not even strongly privacy-related purposes. In this paper, P3P is singled out as the object of study; however, the implication applies similarly to other projects. We propose to use chains of information handling that let the user exercise more control on the use of his/her PI and allow the personal information gatherer to excise more control on the processing and accessing of information in its procession.
KeywordsPersonal Information Email Message Privacy Preference Informational Privacy Current Transaction
- Agrawal, R. Kiernan, J. Srikant, R. and Xu, Y. (2002). Hippocratic databases. In The 28th International Conference on Very Large Databases (VLDB), Hong Kong, China, August.Google Scholar
- Al-Fedaghi, S. (2007). Beyond Purpose-Based Privacy Access Control. The 18th Australasian Database Conference, Ballarat, Australia, January 29th–2nd February.Google Scholar
- Al-Fedaghi, S. (2006a). Anatomy of Personal Information Processing: Application to the EU Privacy Directive, Inter. Conf. on Business, Law and Technology (IBLT 2006), Copenhagen, December..Google Scholar
- Al-Fedaghi, S. (2006b). Aspects of Personal Information Theory, 7th, The Seventh Annual IEEE Information Assurance Workshop (IEEE-IAW), West Point, NY: US Military Academy, June 20–23.Google Scholar
- Al-Fedaghi, S. (2005). How to Calculate the Information Privacy, The Third Annual Conference on Privacy, Security and Trust, St. Andrews, New Brunswick, Canada.Google Scholar
- Ashley P., Hada S., Karjoth G., Powers C., and Schunter, M. Enterprise Privacy Authorization Language, W3C Submission 10 November 2003. http://www.w3.org/Submission/EPAL/.
- Byun, J. Bertino, E. and Li, N. (2005). Purpose Based Access Control of Complex Data for Privacy Protection, SACMAT’05, June 1–3, 2005, Stockholm, Sweden.Google Scholar
- Cranor, L.F. Web Privacy with P3P, 2002, O’Reilly & Associateshttp://p3pbook.com/examples.html.
- Cover, R. (Editor), Extensible Access Control Markup Language (XACML), October 10, 2006. http://xml.coverpages.org/xacml.html#v20CD.
- EU Directive (1995). DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, 24 October. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML.
- Hogben, G. A technical analysis of problems with P3P v1.0 and possible solutions, “Future of P3P” workshop, Virginia, USA, 12–13 November, 2002. http://www.w3.org/2002/p3p-ws/pp/jrc.html.
- OECD (1980). Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.Org/document/18/0,2340,en_2649_34255_l815186_1_1_1_1,00.html.
- P3P (2002). The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, The World Wide Web Consortium, April 16, 2002, http://www.w3.org/p3p/.
- Thibadeau, R., A Critique of P3P: Privacy on the Web, Aug 23, 2000 (Postscript, April 20, 2004). http://dollar.ecom.cmu.edu/p3pcritique/#postscript.
- W3C Working Draft 10, The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, February 2006. http://www.w3.org/TR/P3P11/.