Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data

  • Günter Karjoth
  • Matthias Schunter
  • Michael Waidner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2482)


Enterprises collect a large amount of personal data about their customers. Even though enterprises promise privacy to their customers using privacy statements or P3P, there is no methodology to enforce these promises throughout and across multiple enterprises. This article describes the Platform for Enterprise Privacy Practices (E-P3P), which defines technology for privacy-enabled management and exchange of customer data. Its comprehensive privacy-specific access control language expresses restrictions on the access to personal data, possibly shared between multiple enterprises. E-P3P separates the enterprise-specific deployment policy from the privacy policy that covers the complete life cycle of collected data. E-P3P introduces a viable separation of duty between the three “administrators” of a privacy system: The privacy officer designs and deploys privacy policies, the security officer designs access control policies, and the customers can give consent while selecting opt-in and opt-out choices.


Access Control Privacy Policy Personal Data Data Subject Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Abrams. Renewed understanding of access control policies. In 16th National Computer Security Conference, pages 87–96, 1993.Google Scholar
  2. 2.
    K. Beznosov: Information Enterprise Architectures: Problems and Perspectives. School of Computer Science, PhD Thesis, Florida International University, June 2000.Google Scholar
  3. 3.
    P. Bonatti, E. Damiani, S. De Capitani di Vimercati, and P. Samarati. An access control system for data archives. In 16th IFIP-TC11 International Conference on Information Security. Paris, France, June 2001.Google Scholar
  4. 4.
    K. Bohrer and B. Holland (eds.): The Customer Profile Exchange (CPexchange) Specification; Version 1.0, International Digital Enterprise Alliance, October 20, 2000 (from
  5. 5.
    S. Fischer-Hübner: IT-Security and Privacy. Lecture Notes in Computer Science 1958, Springer-Verlag, 2001.zbMATHGoogle Scholar
  6. 6.
    S. Hada and M. Kudo. XML Access Control Language: Provisional Authorization for XML Documents, Tokyo Research Laboratory, IBM Research, October 16, 2000 (from
  7. 7.
    S. Jajodia, M. Kudo, and V S. Subrahmanian. Provisional authorization. In A. Ghosh, editor, E-commerce Security and Privacy, pages 133–159. Klu wer Academic Publishers, 2001. Also published in Workshop on Security and Privacy in E-Commerce (WSPEC), 2000.Google Scholar
  8. 8.
    G. Karjoth and M. Schunter. A Privacy Policy Model for Enterprises. In 15th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 2002.Google Scholar
  9. 9.
    M. Kudo and S. Hada. XML Document Security based on Provisional Authorizations. In 7th ACM Conference on Computer and Communications Security, pages 87–96, 2000.Google Scholar
  10. 10.
    C. J. McCollum, J. R. Messing, and L. Notargiacomo. Beyond the pale of MAC and DAC-defining new forms of access control. In IEEE Symposium on Security and Privacy, pages 190–200, 1990.Google Scholar
  11. 11.
    The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation, 16 April 2002 (from
  12. 12.
    R. Sandhu, E. Coyne, H. Feinstein, and C. Youman: Role-based Access Control Models, IEEE Computer, 28/2 (1996) 38–47.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Günter Karjoth
    • 1
  • Matthias Schunter
    • 1
  • Michael Waidner
    • 1
  1. 1.IBM Research, Zurich Research LaboratoryRüschlikonSwitzerland

Personalised recommendations