Using Purpose Lattices to Facilitate Customisation of Privacy Agreements

  • Wynand van Staden
  • Martin S. Olivier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4657)


Protecting the privacy of individuals demands that special care be taken with the handling of an individual's personal information. Either the system should store as little user data as possible (or none at all), or it should protect access to the data in cases where the data must be stored. A common approach to the protection of PII (in a privacy-aware system) is to associate a set of purposes with the PII which indicate the enterprise's intended uses of the data.

Purposes placed in a hierarchical structure (such as a lattice) can subsume each other, which provides flexibility in the customisation of a privacy agreement. In this article the customisation of privacy agreements using purposes placed in a lattice is considered. In particular, minimal acceptance levels, maximal acceptance levels, and the validation and invalidation of agreements with respect to purpose lattices are introduced.
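As an added illustration (not code from the paper, and not the authors' formalisation), the following Python sketch shows how purpose subsumption in a lattice can drive agreement customisation. Everything in it is an assumption for illustration: the purpose lattice is constructed, "any" is its top and "none" its bottom, the enterprise is taken to publish a minimal acceptance level (the least general purpose it needs to provide the service) and a maximal acceptance level (the most general use it will make), the user customises the agreement by choosing a purpose between those two bounds, and a stored agreement is invalidated for any later access whose purpose its chosen level does not subsume.

```python
from collections import deque

# Constructed purpose lattice (assumption): each purpose maps to the purposes
# directly below it, i.e. the more specific purposes it subsumes.
# "any" is the top element, "none" the bottom element.
PURPOSE_LATTICE = {
    "any": {"marketing", "service"},
    "marketing": {"email-marketing", "phone-marketing"},
    "service": {"billing", "support"},
    "email-marketing": {"none"},
    "phone-marketing": {"none"},
    "billing": {"none"},
    "support": {"none"},
    "none": set(),
}


def subsumes(general, specific, lattice=PURPOSE_LATTICE):
    """True if `general` is `specific` or lies above it in the lattice.

    Breadth-first search downward from `general`; a purpose always
    subsumes itself.
    """
    if general not in lattice or specific not in lattice:
        raise KeyError(f"unknown purpose: {general!r} or {specific!r}")
    seen = set()
    queue = deque([general])
    while queue:
        current = queue.popleft()
        if current == specific:
            return True
        if current in seen:
            continue
        seen.add(current)
        queue.extend(lattice[current])
    return False


def customise(min_level, max_level, chosen, lattice=PURPOSE_LATTICE):
    """Validate a user's customisation of an agreement (assumed model).

    The chosen purpose must lie within the enterprise's bounds:
      - it may not be more general than the maximal acceptance level, and
      - it must still subsume the minimal acceptance level, otherwise the
        enterprise cannot provide the service under this agreement.
    Returns (valid, reasons) so a caller can explain a rejection.
    """
    reasons = []
    if not subsumes(max_level, chosen, lattice):
        reasons.append(f"{chosen!r} exceeds maximal acceptance level {max_level!r}")
    if not subsumes(chosen, min_level, lattice):
        reasons.append(f"{chosen!r} does not cover minimal acceptance level {min_level!r}")
    return (not reasons, reasons)


def permits(agreement_level, requested_purpose, lattice=PURPOSE_LATTICE):
    """Access check at use time: an agreement stays valid for a request only
    if the purpose the user agreed to subsumes the requested purpose.
    A request outside the agreed level invalidates the agreement for that use."""
    return subsumes(agreement_level, requested_purpose, lattice)


if __name__ == "__main__":
    # Enterprise needs at least "billing" and will use data for "service" at most.
    for choice in ("service", "billing", "any", "support"):
        ok, why = customise("billing", "service", choice)
        print(f"customise -> {choice!r}: {'valid' if ok else 'invalid'} {why}")
    # A user who accepted "service" permits billing but not marketing.
    print("billing under 'service':", permits("service", "billing"))
    print("email-marketing under 'service':", permits("service", "email-marketing"))
```

The lattice order does the work: the enterprise never has to enumerate every concrete purpose a user may accept, because any purpose between its two bounds is valid by construction, and at access time a single subsumption test decides whether an agreement still covers a request.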


Keywords: Acceptance Level, Preference Level, Purpose Lattice, Privacy Contract, Privacy Agreement





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Wynand van Staden (1)
  • Martin S. Olivier (1)

  1. Information and Computer Security Architecture Research Group, University of Pretoria, Pretoria, South Africa
