Delegation for Privacy Management from Womb to Tomb – A European Perspective

  • Marit Hansen
  • Maren Raguse
  • Katalin Storf
  • Harald Zwingelberg
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 320)


In our information society, where personal data is processed in almost all areas of life, the legally granted right to privacy is quite hard to preserve. User-controlled identity management systems have been proposed as a means to manage one’s own private sphere. Still, there is no functioning concept of how privacy protection can be effectively safeguarded over a long period of time and how self-determination in the field of privacy can be maintained in all stages of life, from the womb to the tomb. When user control and the capability to exercise rights cannot yet or can no longer be carried out by the data subject herself, the decisions concerning the processing of personal data may have to be delegated to a delegate. In this text, we elaborate on the delegation of privacy-relevant actions from a lifelong perspective and point out possible legal, technological, and organizational measures to appropriately take up the arising challenges. For crucial gaps in current concepts, we sketch solutions and explain the implications for user-controlled identity management systems. Finally, we give recommendations to stakeholders such as data controllers, application designers and policy makers.


lifelong privacy user-controlled identity management delegation of privacy incapability to exercise rights privacy by delegate 



Copyright information

© IFIP 2010

Authors and Affiliations

  • Marit Hansen (1)
  • Maren Raguse (2)
  • Katalin Storf (1)
  • Harald Zwingelberg (1)
  1. Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Kiel, Germany
  2. Ministerium für Arbeit, Soziales und Gesundheit Schleswig-Holstein, Kiel, Germany
