Policy Negotiation System Architecture for Privacy Protection

Data sharing and information exchange have grown exponentially with the information explosion in the last few years. More and more data are being shared among different type of users residing in different places, performing different kinds of tasks for different kinds of services. However, these technological advances pose a serious risk on individuals ´privacy rights. In this paper, we consider a problem of monopolistic information management technologies. Most service providers have an access to any information. Even though the information is really a personal data, service providers can access to it merely with the user´s first subscription. In order to limit the disclosure and avoid the misuse of personal data, this paper discusses an architectural proposal for a policy negotiation system. This proposed architecture mediates among the three actors: the users, the service providers and the law. The central unit of the proposed architecture is a policy negotiation engine. A negotiation engine undertakes the enforcement of user´s privacy preference, by matching the service provider´s disclosure policy and user´s privacy policy. Several additional components assigned with supporting functional tasks complement the architecture, while the formal definition of personal data type and services type. This architecture provides more powerful right to each user. Finally, this paper discusses the formalization how users can express their privacy preferences and how regulations can be expressed in this system.