1. Introduction
2. Social Requirements
3. Architecture, Design and Implementation
3.1. End-User Verification Tool
3.2. Privacy Rule Definition Language
[DataController] {MUST, MAY} {VIEW, ADD, DELETE, MODIFY, STORE, ACTION} [Data Object] (FOR) [Purpose]
Rule 3: EurA MAY process name, address, mobile number, FOR customer identification
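rule "Access to name, address and mobile number"
    when
        // Match a request from EurA with modality "may" for exactly this data and purpose
        $r : Request(dataprocessor.getAuth() == "EurA"
                     && modality.get() == "may"
                     && requesteddata.isEqual("name,address,mobilenr")
                     && purpose.getPurpose() == "customer identification")
    then
        // All constraints hold: grant the requested access
        $r.grantAccess();
end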
4. Conclusions
5. Acknowledgment