Abstract
This paper proposes a conceptual model for privacy policies that takes into account privacy requirements arising from different stakeholders with legal, business and technical backgrounds. Current approaches to privacy management are either high-level, enforcing the privacy of personal data through legal compliance and risk and impact assessments, or low-level, focusing on the technical implementation of access controls over personal data held by an enterprise. High-level approaches tend to address privacy as an afterthought in ordinary business practice and involve ad hoc enforcement practices; low-level approaches often leave out important legal and business considerations, focusing solely on the technical management of privacy policies. Hence neither is a panacea, and the low-level approaches are often not adopted in real environments. Our conceptual model provides a means to express privacy policy requirements as well as users' privacy preferences. It enables structured reasoning about containment and implementation relations between policies at the high level, and enables easy traceability into the low-level policy implementations. Thus it offers a means to reason about correctness that links low-level privacy management mechanisms to stakeholder requirements, thereby encouraging adoption of the low-level methods. We also present the notion of a consent and revocation policy. A consent and revocation policy differs from a privacy policy in that it defines not the enterprise's practices with regard to personal data but, more specifically, for each item of personal data held by the enterprise, which consent preferences a user may express and to what degree, and in what ways the user can revoke that personal data. This builds on earlier work on defining the different forms of revocation for personal data, and on formal models of consent and revocation processes.
The work and approach discussed in this paper are currently being carried out in the context of the UK collaborative project EnCoRe (Ensuring Consent and Revocation).
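The abstract describes two things a practitioner would want to see made concrete: a consent and revocation policy that states, per item of personal data, which purposes a subject may consent to and which revocation forms the subject may invoke, and a containment relation between such policies that lets a low-level access decision be traced back to a high-level policy. The following toy model is an added example, not the paper's or the EnCoRe project's own code; the data items, purposes and the two revocation forms (withdraw a purpose, delete the item) are constructed names for illustration, since the paper does not enumerate the forms of revocation here.

```python
"""Toy consent-and-revocation policy model (added example, not EnCoRe code).

Item names, purposes and revocation form names are assumptions for
illustration only.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Optional

# Assumed revocation forms; the paper says several forms exist but does not
# list them in the abstract.
WITHDRAW_PURPOSE = "withdraw_purpose"   # stop using the item for one purpose
DELETE_ITEM = "delete_item"             # remove the item altogether


@dataclass(frozen=True)
class ItemPolicy:
    """What a data subject may express for one item of personal data."""
    purposes: FrozenSet[str]       # purposes the subject may consent to
    revocations: FrozenSet[str]    # revocation forms the subject may invoke


@dataclass
class ConsentRevocationPolicy:
    items: Dict[str, ItemPolicy]

    def contains(self, other: "ConsentRevocationPolicy") -> bool:
        """True if every choice `other` offers is also offered by self.

        This is the containment relation: a narrower (e.g. departmental)
        policy must not offer any purpose or revocation form that the
        broader (e.g. enterprise) policy does not."""
        for name, theirs in other.items.items():
            mine = self.items.get(name)
            if mine is None:
                return False
            if not theirs.purposes <= mine.purposes:
                return False
            if not theirs.revocations <= mine.revocations:
                return False
        return True


@dataclass
class ConsentState:
    """Per-subject record of the purposes currently consented to, per item."""
    consented: Dict[str, FrozenSet[str]] = field(default_factory=dict)


def give_consent(policy: ConsentRevocationPolicy, state: ConsentState,
                 item: str, purposes: Iterable[str]) -> bool:
    """Record consent only for purposes the policy actually offers."""
    ip = policy.items.get(item)
    wanted = frozenset(purposes)
    if ip is None or not wanted <= ip.purposes:
        return False
    state.consented[item] = state.consented.get(item, frozenset()) | wanted
    return True


def revoke(policy: ConsentRevocationPolicy, state: ConsentState, item: str,
           form: str, purpose: Optional[str] = None) -> bool:
    """Apply a revocation form, but only one the policy offers for the item."""
    ip = policy.items.get(item)
    if ip is None or form not in ip.revocations:
        return False
    if form == WITHDRAW_PURPOSE:
        current = state.consented.get(item, frozenset())
        if purpose is None or purpose not in current:
            return False
        state.consented[item] = current - {purpose}
        return True
    if form == DELETE_ITEM:
        state.consented.pop(item, None)
        return True
    return False


@dataclass(frozen=True)
class AccessRule:
    """Low-level rule: a component wants to use `item` for `purpose`."""
    item: str
    purpose: str


def is_permitted(policy: ConsentRevocationPolicy, state: ConsentState,
                 rule: AccessRule) -> bool:
    """Traceability check: the low-level access is allowed only if the
    high-level policy offers that purpose for the item AND the subject
    currently consents to it."""
    ip = policy.items.get(rule.item)
    if ip is None or rule.purpose not in ip.purposes:
        return False
    return rule.purpose in state.consented.get(rule.item, frozenset())


# Constructed sample policies: an enterprise-wide one, a narrower
# departmental one it contains, and one it does not.
ENTERPRISE = ConsentRevocationPolicy({
    "email": ItemPolicy(frozenset({"service", "marketing"}),
                        frozenset({WITHDRAW_PURPOSE, DELETE_ITEM})),
    "address": ItemPolicy(frozenset({"service"}), frozenset({DELETE_ITEM})),
})
MARKETING_DEPT = ConsentRevocationPolicy({
    "email": ItemPolicy(frozenset({"marketing"}), frozenset({WITHDRAW_PURPOSE})),
})
TOO_BROAD = ConsentRevocationPolicy({
    "address": ItemPolicy(frozenset({"service", "marketing"}),
                          frozenset({DELETE_ITEM})),
})


def demo():
    """Consent, then revoke one purpose; the access decision follows."""
    state = ConsentState()
    give_consent(ENTERPRISE, state, "email", {"service", "marketing"})
    before = is_permitted(ENTERPRISE, state, AccessRule("email", "marketing"))
    revoke(ENTERPRISE, state, "email", WITHDRAW_PURPOSE, "marketing")
    after = is_permitted(ENTERPRISE, state, AccessRule("email", "marketing"))
    still_service = is_permitted(ENTERPRISE, state, AccessRule("email", "service"))
    return before, after, still_service


if __name__ == "__main__":
    print(ENTERPRISE.contains(MARKETING_DEPT), ENTERPRISE.contains(TOO_BROAD))
    print(demo())
```

The point of the model is the direction of the checks: a revocation or consent is only accepted if the per-item policy offers it, and a low-level access rule is evaluated against both the policy and the subject's current consent state, so a permitted access can always be traced back to an offered purpose and a recorded consent.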
© 2011 IFIP International Federation for Information Processing
Casassa Mont, M., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N. (2011). A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_21
DOI: https://doi.org/10.1007/978-3-642-20769-3_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3