Abstract
In our information society with processing of personal data in almost all areas of life, the legally granted right to privacy is quite hard to preserve. User-controlled identity management systems have been proposed as a means to manage one’s own private sphere. Still there is no functioning concept how privacy protection can be effectively safeguarded over a long time period and how self-determination in the field of privacy can be maintained in all stages of life from the womb to the tomb. When user control and the capability to exercise rights can not yet or no longer be carried out by the data subject herself, the decisions concerning the processing of personal data may have to be delegated to a delegate. In this text, we elaborate on delegation of privacy-relevant actions under a lifelong perspective and point out possible legal, technological, and organizational measures to appropriately take up the arising challenges. For crucial gaps in current concepts we sketch solutions and explain implications on user-controlled identity management systems. Finally we give recommendations to stakeholders such as data controllers, application designers and policy makers.
The research leading to these results has received funding from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 216483. The information in this document is provided “as is”, and no guarantee or warranty is given that the information is fit for any particular purpose. The above referenced consortium members shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials subject to any liability which is mandatory due to applicable law.
Chapter PDF
Similar content being viewed by others
Keywords
References
Clauß, S., Hansen, M., Pfitzmann, A., Raguse, M., Steinbrecher, S.: Tackling the Challenge of Lifelong Privacy. In: Cunningham, P., Cunningham, M. (eds.) Proceedings of eChallenges 2009 (2009)
Storf, K., Hansen, M., Raguse, M. (eds.): Requirements and Concepts for Identity Management throughout Life. Deliverable H1.3.5 of the FP7 project PrimeLife, Zurich/Kiel 2009 (2009), http://www.primelife.eu/results/documents/
Pham, Q., Reid, J., McCullagh, A., Dawson, E.: On a Taxonomy of Delegation. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009, IFIP International Federation for Information Processing. IFIP AICT, vol. 297, pp. 353–363. Springer, Boston (2009)
Crispo, B.: Delegation of Responsibilities. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols 1998. LNCS, vol. 1550, pp. 118–124. Springer, Heidelberg (1999)
Hansen, M., Pfitzmann, A., Steinbrecher, S.: Identity Management throughout One’s Whole Life. Information Security Technical Report 13, 2 (May 2008), pp. 83–94 (2008)
Hansen, M., Fischer-Hübner, S., Pettersson, J.S., Bergmann, M.: Transparency Tools for User-Controlled Identity Management. In: Cunningham, P., Cunningham, M. (eds.) Expanding the Knowledge Economy: Issues, Applications, Case Studies – Proceedings of eChallenges 2007, pp. 1360–1367. IOS Press, Amsterdam (2007)
Leenes, R., Schallaböck, J., Hansen, M.: PRIME White Paper V3 – Privacy and Identity Management for Europe (2008), https://www.prime-project.eu/prime_products/whitepaper/
O’Gorman, L.: Comparing Passwords, Tokens, and Biometrics for User Authentication. Proceedings of the IEEE 91(12), 2019–2040 (2003)
Leenes, R. (ed.): ID-related Crime: Towards a Common Ground for Interdisciplinary Research. FIDIS Deliverable D5.2b, Frankfurt, Germany (2006), http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp5-del5.2b.ID-related_crime.pdf
Article 29 Data Protection Working Party: Opinion 5/2009 on Online Social Networking. Working Paper 163. 01189/09/EN, adopted on June 12, 2009, Brussels, Belgium (2009), http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp163_en.pdf
Article 29 Data Protection Working Party: Opinion 2/2009 on the Protection of Children’s Personal Data (General Guidelines and the Special Case of Schools). Working Paper 160, 398/09/EN, adopted on February 11, 2009. Brussels, Belgium (2009), http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp160_en.pdf
Peeters, R., Simoens, K., De Cock, D., Preneel, B.: Cross-Context Delegation through Identity Federation. In: Brömme, A., Busch, C., Hühnlein, D. (eds.) BIOSIG 2008. LNI, vol. 137, pp. 79–92. GI, Köllen Verlag, Bonn, Germany (2008)
Joint Proposal for a Draft of International Standards on the Protection of Privacy with regard to the processing of Personal Data. Madrid Resolution of the 31st International Conference of the Data Protection and Privacy Commissioners, adopted on November 5 (2009), https://www.agpd.es/portalweb/canaldocumentacion/conferencias/common/pdfs/31_conferencia_internacional/estandares_resolucion_madrid_en.pdf
Gomi, H., Hatakeyama, M., Hosono, S., Fujita, S.: A Delegation Framework for Federated Identity Management. In: Proceedings of the ACM CCS 2005 Workshop on Digital Identity Management, New York, NY, USA, pp. 94–103 (2005)
Alrodhan, W., Mitchell, C.J.: A Delegation Framework for Liberty. In: Haggerty, J., Merabti, M. (eds.) Proceedings of the 3rd Conference on Advances in Computer Security and Forensics (ACSF 2008), Liverpool, UK, pp. 67–73 (2008)
Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 175–190. Springer, Heidelberg (2006)
Wohlgemuth, S.: Privatsphäre durch die Delegation von Rechten. Vieweg+Teubner, Wiesbaden, Germany (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP
About this paper
Cite this paper
Hansen, M., Raguse, M., Storf, K., Zwingelberg, H. (2010). Delegation for Privacy Management from Womb to Tomb – A European Perspective. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2009. IFIP Advances in Information and Communication Technology, vol 320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14282-6_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-14282-6_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14281-9
Online ISBN: 978-3-642-14282-6
eBook Packages: Computer ScienceComputer Science (R0)