Summary (3 min read)
- Data protection law regulates the processing of information related to individual persons, including its collection, storage, dissemination, etc.
- A brief historical overview of privacy regulation and PET is given in : starting in the 1970s, regulatory regimes were imposed on computers and networks.
- Starting with government data processing, and following the computerization of communication and workflows, explicit rules such as the European Data Protection Directive have been put in place.
- Most of these criteria, including schemes like the Datenschutz-Gütesiegel, provide checklists with questions for the auditors.
- Privacy policies are sometimes used by organizations that collect and process personal information.
2.1 Business decision-making and privacy technology
- For any deployment of PET into information systems, the effectiveness of the PET measure against concrete threats is what matters.
- In the computer science field, several contributions provide information-theoretic models for anonymity, identifiability or the linkability of data, e.g. in or in .
- Both papers build mathematical models that are rather impractical for evaluating large-scale information systems.
2.2 Inadequacy of Technical Privacy Strategies
- Public surveys indicate that privacy is a major concern for people using the Internet.
- One attempt to address privacy concerns and thereby increase user trust in the Web is the W3C's Platform for Privacy Preferences (P3P) Project.
- Detractors say that P3P does not go far enough to protect privacy.
- Originally the iPrivacy software generated a one-off credit card number for each transaction.
- The user accesses the Web via a Lumeria proxy server, which shields their identity from merchants and marketing companies whilst enabling marketing material that matches their profile to be sent to them.
2.3 Inadequacy of Specifying Privacy Policies
- Many data controllers specify privacy policies that can be accessed from the interface where personal information is being collected or where consent to do so is given.
- Users are normally required to accept the policies by ticking a box, which all but a very few do in a semi-automatic fashion, without reading the policy.
- This is explained in further detail below.
- This would enable users or authorities to audit systems and applications where personal information is being processed, and to determine whether they adhere to applicable privacy policies.
- By making it mandatory to always have policy metadata associated with personal information, it becomes a universal principle for referencing privacy policies.
- Their approach, however, assumes that the underlying hardware platform, and the software running on it, are so-called trustworthy systems based on the Trusted Computing specification.
3.1 The Technical Framework
- The metadata does not need to contain any additional personal information, because that would be irrelevant for potential audits of policy adherence.
- The organizations must then find a solution for associating the personal information with metadata stored elsewhere.
- Note that their scheme has similarities with the scheme for electronic signature policies described in , where a specific signature policy has a globally unique reference that the signer binds to the signature as part of the signature calculation.
3.2 The Policy Framework
- It is very difficult for users to understand privacy policies when each organization specifies a different policy and when typical policies are 10 pages or more.
- The combination of rules into specific profiles can be denoted as the PRP (Privacy Rules Profile) framework.
- In international trade law, the Incoterms offer a widely used catalogue of specific contract terms that can be quoted when buying or selling goods.
- A number of IPR licensing issues regarding open source software can be easily regulated by referring to specific predefined licenses.
- With a limited set of standardized policies, users could become educated about and familiar with what the respective policies actually mean and the level of protection they provide.
3.3 The Management Framework
- Organizations would need to manage their privacy policies according to strict criteria and define a way of guaranteeing their integrity and authenticity.
- This can be achieved, for example, by letting independent third parties sign hashes of each particular policy or policy profile, so that any change to a policy or profile is noticed, or by depositing the privacy policies with independent third parties such as national information commissioners and data protection inspectorates.
- Organizations will also need to define processes for creating the metadata, and to adapt applications where personal information is processed so that the metadata is handled appropriately during storage, transfer and processing.
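The binding described in 3.1 and 3.3, as an added example that is not part of the paper: a record of personal data carries metadata with a globally unique policy reference and the policy's hash, a third party signs that hash, and an auditor checks both the signature and that the policy actually applied matches the deposited one. The class and function names, the sample policy text and the use of an HMAC as a stand-in for the third party's signature are all assumptions made for this example.

```python
# Added example: policy metadata bound to personal data with a third-party-signed
# policy hash. All names, keys and sample values below are constructed.
import hashlib
import hmac


def policy_digest(policy_text: str) -> str:
    """SHA-256 of the full policy text; any edit to the policy changes it."""
    return hashlib.sha256(policy_text.encode("utf-8")).hexdigest()


class PolicyRegistry:
    """Stand-in for an independent third party (e.g. a data protection authority)
    that receives deposited policies and signs their hashes. An HMAC with a
    secret key is used here only to keep the example offline; a real deposit
    would use a public-key signature that anyone can verify."""

    def __init__(self, key: bytes):
        self._key = key
        self.deposited = {}  # policy_ref -> policy text as deposited

    def _sign(self, policy_ref: str, digest: str) -> str:
        msg = f"{policy_ref}|{digest}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def deposit(self, policy_ref: str, policy_text: str) -> str:
        """Store the policy under its unique reference and return the signature."""
        self.deposited[policy_ref] = policy_text
        return self._sign(policy_ref, policy_digest(policy_text))

    def verify(self, policy_ref: str, digest: str, signature: str) -> bool:
        return hmac.compare_digest(self._sign(policy_ref, digest), signature)


def bind_record(personal_data: dict, policy_ref: str, digest: str, sig: str) -> dict:
    """Attach policy metadata to a record; the metadata adds no personal data."""
    meta = {"policy_ref": policy_ref, "policy_sha256": digest, "registry_sig": sig}
    return {"data": personal_data, "policy_metadata": meta}


def audit_record(record: dict, registry: PolicyRegistry, policy_in_use: str) -> bool:
    """Auditor check: the signature over (reference, hash) is valid, and the policy
    the controller actually applies hashes to the signed value. Returns False if
    either the metadata or the applied policy was altered after deposit."""
    m = record["policy_metadata"]
    if not registry.verify(m["policy_ref"], m["policy_sha256"], m["registry_sig"]):
        return False
    return hmac.compare_digest(policy_digest(policy_in_use), m["policy_sha256"])
```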
3.4 The Legal Framework
- This approach could also be complemented by respective changes to the legal framework, e.g. through , in order to provide incentives for its adoption.
- This could be seen as an extension of the purpose specification principle mentioned above, according to which personal data can only be collected for specified, explicit and legitimate purposes and not further processed for other purposes.
- An additional element might be that certain classes of privacy policies must be deposited with a respective national or regional data protection authority, and that the metadata points to the deposited copies of the privacy policies; the authority might also assess a policy's compliance with the applicable law.
- This might enhance the possibilities for auditors to review data controllers with regard to the personal information that they process.
- The current approach to ensuring personal information privacy on the Internet is ineffective in providing privacy protection in the age of distributed, networked services.
- The approach described in this paper changes the way privacy policies can be specified by service providers, and the way compliance can be verified by auditors or users.
- By providing certified template policies, users gain oversight of policies that have been verified.
- At the same time, auditors can verify system states against policy claims.
"However, this information is often 'hidden' in free text full of technical terms, that users typically refuse to read [8, 72]."
Remaining challenges, such as the international synchronization of policy templates, the reliable, auditable and secure implementation of personal data handling with policies, and the creation of the default policies and their supervision and archival, need to be further researched.