Translating privacy practices into privacy promises - how to promise what you can keep

Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks Pub Date : 2003-06-04 DOI:10.1109/POLICY.2003.1206967

G. Karjoth, M. Schunter, E. V. Herreweghen

{"title":"Translating privacy practices into privacy promises - how to promise what you can keep","authors":"G. Karjoth, M. Schunter, E. V. Herreweghen","doi":"10.1109/POLICY.2003.1206967","DOIUrl":null,"url":null,"abstract":"Enterprises advertise privacy promises using the W3C Platform for Privacy Preferences (P3P). These privacy promises define what recipients can obtain what collected data for what purpose. Internally, enterprises can use fine-grained privacy practices such as defined by the Platform for Enterprise Privacy Practices (E-P3P) to enforce privacy. These internal privacy policies should guarantee and enforce the promises made to the customers. Since privacy practices reflect business internals, they can change frequently. As a consequence, it can be challenging to keep the promises up-to-date with the actual practices. To enable up-to-date privacy promises, we describe a methodology for enterprises to promise what they can keep. This is done by automatically transforming E-P3P privacy practices into corresponding P3P privacy promises that reflect the actual enterprise-internal behavior. These P3P promises can then be published on a regular basis. Whenever the internal policies change, the P3P promises can easily be updated as well.","PeriodicalId":391947,"journal":{"name":"Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks","volume":"51 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"51","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2003.1206967","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 51

Abstract

Enterprises advertise privacy promises using the W3C Platform for Privacy Preferences (P3P). These privacy promises define what recipients can obtain what collected data for what purpose. Internally, enterprises can use fine-grained privacy practices such as defined by the Platform for Enterprise Privacy Practices (E-P3P) to enforce privacy. These internal privacy policies should guarantee and enforce the promises made to the customers. Since privacy practices reflect business internals, they can change frequently. As a consequence, it can be challenging to keep the promises up-to-date with the actual practices. To enable up-to-date privacy promises, we describe a methodology for enterprises to promise what they can keep. This is done by automatically transforming E-P3P privacy practices into corresponding P3P privacy promises that reflect the actual enterprise-internal behavior. These P3P promises can then be published on a regular basis. Whenever the internal policies change, the P3P promises can easily be updated as well.

查看原文本刊更多论文

将隐私实践转化为隐私承诺——如何承诺你能做到的

企业使用W3C隐私首选项平台(P3P)宣传隐私承诺。这些隐私承诺定义了哪些接收方可以获得哪些收集的数据，用于哪些目的。在内部，企业可以使用细粒度的隐私实践，例如企业隐私实践平台(E-P3P)定义的隐私实践来加强隐私。这些内部隐私政策应该保证和执行对客户的承诺。由于隐私实践反映了业务内部，因此它们可能经常变化。因此，将承诺与实际实践保持同步可能是一项挑战。为了支持最新的隐私承诺，我们描述了一种方法，用于企业承诺他们可以保留的内容。这是通过自动将E-P3P隐私实践转换为相应的反映实际企业内部行为的P3P隐私承诺来实现的。然后可以定期发布这些P3P承诺。每当内部策略发生变化时，P3P承诺也可以轻松更新。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks

自引率

0.00%

发文量