Dismantling the Twelve Privacy Purposes

  • Sabah Al-Fedaghi
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 238)


Purpose appears in all privacy guidelines, codes, policies, and legislation. It plays a central role in many privacy-related systems such as P3P, Hippocratic databases, EPAL, and XACML. We show that the 12 standard P3P purposes mix uses of personal information with acts on personal information and mix uses of personal information privacy with other states of affairs that have several interpretations. Some purposes are not even strongly privacy-related purposes. In this paper, P3P is singled out as the object of study; however, the implication applies similarly to other projects. We propose to use chains of information handling that let the user exercise more control over the use of his/her PI and allow the personal information gatherer to exercise more control over the processing and accessing of information in its possession.


Keywords: Personal Information; Email Message; Privacy Preference; Informational Privacy; Current Transaction
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Sabah Al-Fedaghi (1)
  1. Computer Engineering Department, Kuwait University, Safat, Kuwait
