Abstract
Data is rapidly changing how companies operate, offering them new business opportunities as they generate increasingly sophisticated insights from the analysis of an ever-increasing pool of information. Businesses have clearly moved beyond a focus on data collection to data use, but users have an inadequate model of notice and consent at the point of data collection to limit inappropriate use. An interoperable context-aware metadata-based architecture that allows permissions and policies to be bound to data, and is flexible enough to allow for changing trust norms, help balance the tension between users and business, satisfy regulators’ desire for increased transparency and greater accountability, and still enable data to flow in ways that provide value to all participants in the ecosystem.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
When multiple parties have rights to the same data, these rights may conflict or result in restrictions that that could potentially render new and innovative uses of such data difficult or impossible. We later discuss how policies may be reconciled in cases of conflict.
“Interoperable identity service” denotes identity-management services that agree, at a minimum, to compatible assurance levels, exchange protocols, and data formats to enable cross-platform authentication and authorization of digital identities.
The US Federal Trade Commission National Do Not Call Registry is an example of a global user policy that allows users to choose whether to receive telemarketing calls at home.
References
Ashley, P., Powers, C., & Schunter, M. (2002). From privacy promises to privacy management: A new approach for enforcing privacy throughout an enterprise (pp. 43–50). Virginia Beach: New Security Paradigms Workshop.
Bohrer, K., Liu, X., Kesdogan, D., Schonberg, E., Singh, M., & Spraragen, S. L. (2001). Personal information management and distribution. The Fourth International Conference on Electronic Commerce Research (ICECR-4), (pp. 1–14). Dallas, TX.
Bohrer, K., Levy, S., Liu, X., & Schonberg, E. (2003). Individualized privacy policy based access control. Proceedings 6th International Conference on Electronic Commerce Research (ICECR-6). Dallas, Texas.
Bus, J., & Nguyen, M.-H. (2013). Personal data management—a structured discussion. In M. Hildebrandt, K. O’Hara, & M. Waidner (Eds.), Digital enlightenment yearbook 2013: The value of personal data (pp. 270–287). Amsterdam: Ios Press.
Casassa Mont, M., Pearson, S., & Bramhall, P. (2003). Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. Bristol: HP Laboratories.
Cisco. (2014). Cisco visual networking index: Global mobile data traffic forecast update, 2013–2018. Cisco.
Cranor, L. (2003). P3P: making privacy policies more useful. IEEE Security and Privacy, 1(6), 50–55.
European Commission. (2012). General data protection regulation. Brussels: European Commission.
IDC (2011). IDC Predictions 2012: Competing for 2020. IDC.
Nguyen, M.-H., Haynes, P., Maguire, S., & Friedberg, J. (2013). A user-centred approach to the data dilemma: Context, architecture, and policy. In M. Hildebrandt, K. O’Hara, & M. Waidner (Eds.), Digital enlightenment yearbook 2013: The value of personal data (pp. 227–242). Amsterdam: Ios Press.
Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79(1). Retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=534622.
Nissenbaum, H. (2011). A contextual approach to privacy online. Daedalus, The Journal of the American Academy of Arts & Sciences, 140(4), 32–48.
President’s Council of Advisors on Science and Technology. (2010). Report to the president: Realizing the full potential of health information technology to improve healthcare for Americans: The path forward. Washington: Executive Office of the President.
PrimeLife. (2011). Project fact Sheet. Retrieved from http://primelife.ercim.eu/about/factsheet.
Searls, D. (2012). The intention economy: When customers take charge. Boston: Harvard Business Review Press.
TNS Opinion & Social. (2011). Special Eurobarometer 359: Attitudes on data protection and electronic identity in the European union. Brussels: European Commission. Retrieved from http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf.
Whitley, E. (2013). Towards effective consent-based control of personal data. In Digital enlightenment yearbook 2013: The value of personal data (pp. 165–176). Amsterdam: Ios Press.
Author information
Authors and Affiliations
Corresponding author
Additional information
Responsible Editor: Sarah Spiekermann
Rights and permissions
About this article
Cite this article
Maguire, S., Friedberg, J., Nguyen, MH.C. et al. A metadata-based architecture for user-centered data accountability. Electron Markets 25, 155–160 (2015). https://doi.org/10.1007/s12525-015-0184-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12525-015-0184-z