Article

Translating Privacy Practices into Privacy Promises—How to Promise What You Can Keep

Authors:

Günter Karjoth,

Matthias Schunter,

Els Van HerreweghenAuthors Info & Claims

POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks

Page 135

Published: 04 June 2003 Publication History

Publisher Site

Abstract

Enterprises advertise privacy promises using the W3CPlatform for Privacy Preferences (P3P). These privacypromises define what recipients can obtain what collecteddata for what purpose. Internally, enterprises can use fine-grainedprivacy practices such as defined by the Platformfor Enterprise Privacy Practices (E-P3P) to enforce privacy.These internal privacy policies should guarantee andenforce the promises made to the customers. Since privacypractices reflect business internals, they can changefrequently. As a consequence, it can be challenging to keepthe promises up-to-date with the actual practices. To enableup-to-date privacy promises, we describe a methodology forenterprises to promise what they can keep. This is doneby automatically transforming E-P3P privacy practices intocorresponding P3P privacy promises that reflect the actualenterprise-internal behavior. These P3P promises can thenbe published on a regular basis. Whenever the internalpolicies change, the P3P promises can easily be updatedas well.

Cited By

View all

Butin DLe Métayer DMatteucci IMori PPetrocchi M(2015)A guide to end-to-end privacy accountabilityProceedings of the First International Workshop on TEchnical and LEgal aspects of data pRIvacy10.5555/2821464.2821472(20-25)Online publication date: 16-May-2015
https://dl.acm.org/doi/10.5555/2821464.2821472
Le Métayer DBertino ESandhu RBauer LPark J(2013)Privacy by designProceedings of the third ACM conference on Data and application security and privacy10.1145/2435349.2435361(95-104)Online publication date: 18-Feb-2013
https://dl.acm.org/doi/10.1145/2435349.2435361
Hu YWu WYang J(2011)Semantics-enabled policies for information sharing and protection in the cloudProceedings of the Third international conference on Social informatics10.5555/2050728.2050760(198-211)Online publication date: 6-Oct-2011
https://dl.acm.org/doi/10.5555/2050728.2050760
Show More Cited By

Index Terms

Translating Privacy Practices into Privacy Promises—How to Promise What You Can Keep
1. Security and privacy
  1. Human and societal aspects of security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies
  2. Professional topics
    1. Management of computing and information systems
      1. Information system economics

Recommendations

From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise
NSPW '02: Proceedings of the 2002 workshop on New security paradigms

Regulations and consumer backlash force many organizations to re-evaluate the way they manage private data. As a first step, they publish privacy promises as text or P3P. These promises are not backed up by privacy technology that enforces the promises ...
Privacy from promises to protection: privacy guaranteeing execution container

Privacy issues are becoming more and more important especially since the cyber and the real world are converging up to certain extent when using mobile devices. Means that really protect privacy are still missing. The problem is, as soon as a user ...
A privacy framework: indistinguishable privacy
EDBT '13: Proceedings of the Joint EDBT/ICDT 2013 Workshops

In this paper we illustrate a privacy framework named Indistinguishable Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks

June 2003

ISBN:0769519334

Publisher

IEEE Computer Society

United States

Publication History

Published: 04 June 2003

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Butin DLe Métayer DMatteucci IMori PPetrocchi M(2015)A guide to end-to-end privacy accountabilityProceedings of the First International Workshop on TEchnical and LEgal aspects of data pRIvacy10.5555/2821464.2821472(20-25)Online publication date: 16-May-2015
https://dl.acm.org/doi/10.5555/2821464.2821472
Le Métayer DBertino ESandhu RBauer LPark J(2013)Privacy by designProceedings of the third ACM conference on Data and application security and privacy10.1145/2435349.2435361(95-104)Online publication date: 18-Feb-2013
https://dl.acm.org/doi/10.1145/2435349.2435361
Hu YWu WYang J(2011)Semantics-enabled policies for information sharing and protection in the cloudProceedings of the Third international conference on Social informatics10.5555/2050728.2050760(198-211)Online publication date: 6-Oct-2011
https://dl.acm.org/doi/10.5555/2050728.2050760
Hu YYang JAkerkar R(2011)A semantic privacy-preserving model for data sharing and integrationProceedings of the International Conference on Web Intelligence, Mining and Semantics10.1145/1988688.1988700(1-12)Online publication date: 25-May-2011
https://dl.acm.org/doi/10.1145/1988688.1988700
Guarda PZannone N(2009)Towards the development of privacy-aware systemsInformation and Software Technology10.1016/j.infsof.2008.04.00451:2(337-350)Online publication date: 1-Feb-2009
https://dl.acm.org/doi/10.1016/j.infsof.2008.04.004
Métayer D(2009)A Formal Privacy Management FrameworkFormal Aspects in Security and Trust10.1007/978-3-642-01465-9_11(162-176)Online publication date: 5-Apr-2009
https://dl.acm.org/doi/10.1007/978-3-642-01465-9_11
Masoumzadeh AJoshi J(2008)PuRBACProceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems10.1007/978-3-540-88873-4_12(1104-1121)Online publication date: 9-Nov-2008
https://dl.acm.org/doi/10.1007/978-3-540-88873-4_12
Schunter MWaidner M(2007)Simplified privacy controls for aggregated servicesProceedings of the 7th international conference on Privacy enhancing technologies10.5555/1779330.1779344(218-232)Online publication date: 20-Jun-2007
https://dl.acm.org/doi/10.5555/1779330.1779344
Salim FSheppard NSafavi-Naini R(2007)Enforcing P3P policies using a digital rights management systemProceedings of the 7th international conference on Privacy enhancing technologies10.5555/1779330.1779343(200-217)Online publication date: 20-Jun-2007
https://dl.acm.org/doi/10.5555/1779330.1779343
Antón ABertino ELi NYu T(2007)A roadmap for comprehensive online privacy policy managementCommunications of the ACM10.1145/1272516.127252250:7(109-116)Online publication date: 1-Jul-2007
https://dl.acm.org/doi/10.1145/1272516.1272522
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise

Privacy from promises to protection: privacy guaranteeing execution container

A privacy framework: indistinguishable privacy

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations