Figure 2. Controlling data usage at the service provider

research focuses on usability issues, such as how to prevent users from growing tired of repeatedly giving their interactive consent to the transmission of their personal data to various service providers. These usability aspects are comparable to the way web browsers prompt users about previously unknown server certificates when accessing web servers over HTTPS: users must be made aware of security and privacy issues without being harassed each time their informed consent is requested.

Privacy management systems such as EPAL (Powers & Schunter, 2003) are typically also policy-based. Access to user data by any application is mediated by a privacy PEP, as shown in Figure 2. A PDP decides whether the application and its operator are allowed to access a particular user attribute for a given purpose. The key difference to traditional access control is therefore the additional consideration of the purpose behind the data access. For example, an employee in the billing department may retrieve the user's postal address in order to send an invoice, while the marketing department must not access the address, so that unsolicited advertisements are avoided.

Controlling Data Usage

Complementary to the privacy management components on the IDP side, which have been described in the previous section, the SP that retrieves the user data also needs a privacy management infrastructure to ensure that such personal data is only used for the purposes the user has agreed to. Enhanced solutions additionally provide interfaces to the users, so that they can look up how their PII has been used. However, because an SP may not log all data accesses, or may even lie about how the PII has been used, it is hard to reliably verify from the user's perspective whether all privacy preferences have really been met; this often remains a weak spot of technical implementations.
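The following is an added example, not code from this chapter or from EPAL itself. It models the two mechanisms described above at the service provider: a purpose-aware PDP that decides whether a requester may read a particular attribute for a declared purpose (deny overrides allow, and anything not covered by a rule is denied), and a PEP that records every request, allowed or denied, in a per-user usage log that the user can later inspect. The role names ("billing", "marketing", "support"), purpose strings, rule set and stored user data are all constructed for illustration and are not taken from the chapter.

```python
# Added example (not from the chapter or from EPAL): a purpose-aware
# privacy PEP/PDP at the service provider, plus the per-user usage log
# that lets a user look up how their PII has been used. Role, purpose and
# data names below are hypothetical; the sample data is constructed.
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Rule:
    """One EPAL-style ruling: who may touch which data for which purpose."""
    user_category: str   # requesting application/operator, e.g. "billing"
    data_category: str   # PII attribute, e.g. "postal_address"
    purpose: str         # declared purpose; "*" matches any purpose
    ruling: str          # "allow" or "deny"


@dataclass(frozen=True)
class UsageRecord:
    """One entry in the usage log shown to the data subject."""
    timestamp: str
    subject: str
    user_category: str
    data_category: str
    purpose: str
    ruling: str


class PrivacyPDP:
    """Answers 'may this requester read this attribute for this purpose?'.
    Deny overrides allow; a request no rule covers is denied (default deny)."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, user_category, data_category, purpose):
        matching = [r for r in self.rules
                    if r.user_category == user_category
                    and r.data_category == data_category
                    and r.purpose in ("*", purpose)]
        if any(r.ruling == "deny" for r in matching):
            return "deny"
        if any(r.ruling == "allow" for r in matching):
            return "allow"
        return "deny"


class PrivacyPEP:
    """Enforcement point in front of the user-data store. Each request is
    logged before any data is released, so the log is complete for accesses
    that pass through the PEP. An SP that bypasses the PEP or edits the log
    cannot be detected from the user's side, which is the weakness the
    chapter points out: the log is only as trustworthy as the SP keeping it."""

    def __init__(self, pdp, store):
        self.pdp = pdp
        self.store = store          # {subject: {data_category: value}}
        self.usage_log = []         # append-only list of UsageRecord

    def get_attribute(self, subject, user_category, data_category, purpose):
        ruling = self.pdp.decide(user_category, data_category, purpose)
        self.usage_log.append(UsageRecord(
            datetime.now(timezone.utc).isoformat(), subject,
            user_category, data_category, purpose, ruling))
        if ruling != "allow":
            raise PermissionError(
                f"{user_category} may not read {data_category} for {purpose}")
        return self.store[subject][data_category]

    def usage_for(self, subject):
        """User-facing view: how has my PII been used, and by whom?"""
        return [r for r in self.usage_log if r.subject == subject]


# Constructed policy mirroring the chapter's billing/marketing example.
EXAMPLE_RULES = [
    Rule("billing", "postal_address", "invoicing", "allow"),
    Rule("marketing", "postal_address", "*", "deny"),
    Rule("support", "email", "customer_support", "allow"),
]

# Constructed user data held by the SP.
EXAMPLE_STORE = {
    "alice": {"postal_address": "1 Example Street, Springfield",
              "email": "alice@example.org"},
}


def demo():
    """Runs the chapter's scenario; returns (released address, usage log)."""
    pep = PrivacyPEP(PrivacyPDP(EXAMPLE_RULES), EXAMPLE_STORE)
    address = pep.get_attribute("alice", "billing", "postal_address", "invoicing")
    try:  # marketing is denied for any purpose
        pep.get_attribute("alice", "marketing", "postal_address", "advertising")
    except PermissionError:
        pass
    try:  # same billing role, wrong purpose: the purpose is what is checked
        pep.get_attribute("alice", "billing", "postal_address", "advertising")
    except PermissionError:
        pass
    log = [(r.user_category, r.purpose, r.ruling) for r in pep.usage_for("alice")]
    return address, log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The third request in demo() is the one that distinguishes purpose-based control from role-based access control: the billing role is allowed to read the address, but not for advertising, so the PDP denies it and the denied attempt still appears in the user's usage log.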