Abstract
Privacy is a complex issue that cannot be handled by exclusively technical means. The work described in this paper results from a multidisciplinary project involving lawyers and computer scientists, with the twofold goal of (1) reconsidering the fundamental values that motivate privacy protection and (2) studying the conditions under which these values can be better protected by a combination of legal and technical means. One of these conditions is to provide individuals with effective ways to convey their consent to the disclosure of their personal data. This paper focuses on the formal framework proposed in the project to deliver this consent through software agents.
© 2009 Springer-Verlag Berlin Heidelberg
Le Métayer, D. (2009). A Formal Privacy Management Framework. In: Degano, P., Guttman, J., Martinelli, F. (eds) Formal Aspects in Security and Trust. FAST 2008. Lecture Notes in Computer Science, vol 5491. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01465-9_11
DOI: https://doi.org/10.1007/978-3-642-01465-9_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01464-2
Online ISBN: 978-3-642-01465-9
eBook Packages: Computer Science, Computer Science (R0)