Trust Mechanism for Enforcing Compliance to Secondary Data Use Contracts

In many research and business domains, there are efforts to develop systems that aggregate user data gathered by various data sources. This approach involves secondary sharing of user data and potentially benefits the user in terms of improved personalization and better experience. However, concerns regarding privacy arise when sharing user data with unknown third parties. These concerns can be alleviated at two stages: i) ensuring selective control of the applications to share user data with, and ii) monitoring and penalizing errant data consumers who violate the terms of their contractual agreement and potentially abuse user data. This paper addresses the second stage of data use contract enforcement. We propose a trust management mechanism for monitoring data consumers´ compliance to the contractual agreements for which data was shared with them. The trust mechanism is based on user complaints about suspected privacy violations and is able to identify the data consumers who are responsible. The framework penalizes the data consumer found guilty of violating its data use agreement by decreasing its trust value. This makes the data consumer less likely to be selected to receive user data, and limits its participation in the user data marketplace, forcing it to pay a higher price for purchase of user data.