A Proxy for Privacy: the Discreet Box

Abstract

The issue of user privacy is constantly brought to the spotlight since an ever increasing number of online services collects and processes personal information from users, in the context of personalized service provision. Although technology makes the collection of data easy, their protection against abuse is left to data protection legislation. However, the privacy requirements, other than being general and abstract terms to be regarded as legislature issues, should be brought down in the technological reality and carefully accounted for in devising technical solutions. In order to limit the disclosure and avoid the misuse of personal data, this paper discusses an architectural proposal for a middleware system that will enforce protection of user privacy through technical means. This goal is facilitated by a combination of a policy framework, a sensible interpretation of regulations into policies and the introduction of a privacy broker, named the discreet box.