Aus Aifbportal
Wechseln zu:Navigation, Suche
A Data-centric View on Expressing Privacy Policies

Published: 2012 Januar
Institution: Institut AIFB, KIT
Erscheinungsort / Ort: Karlsruhe


Services often depend on data about users to work at all (e.g. providing quotes for health insurance) or to improve their quality (e.g. product recommendation systems). Storing and giving access to data owned by third parties is in many cases even the core task of services, e.g., for social networks or cloud storage providers. Privacy is an important concern, as users still want to control usage and distribution of their data. Enabled by Internet technologies, services are often provided by dynamically created and frequently changing groups of cooperating providers. This leads to a situation, where often no single entity has a complete view of the process operating on a user’s data. In consequence, it is difficult to check compliance of such a process with the user’s privacy policy. As an alternative model, we propose a data-centric view on privacy policies, that are attached to data artefacts and are self-contained descriptions of the allowed actions to be performed. Such policies can be passed together with the artefacts to subproviders. A key challenge of such policies is to express restrictions on the policies of derived artefacts, which can also be subject to privacy constraints.

Download: Media:Speiser data centric policies tr 2012.pdf


Graduiertenkolleg IME