DocumentCode :
3205782
Title :
Enforceable Privacy Promises
Author :
Mueller, Guenter
Author_Institution :
Univ. of Freiburg, Freiburg
fYear :
2007
fDate :
23-26 July 2007
Firstpage :
6
Lastpage :
6
Abstract :
An increasing number of enterprises need access to private data of their customers. To obtain these data they usually make privacy promises to customers in many different ways. The point card (loyalty card) is one of the best-known examples of such a privacy promise. Even if customers agree to the collection, they do not know whether the collected data are misused. Only a few of these privacy promises can be automatically enforced. This limits the application of privacy technology and may prevent the full exploitation of e-commerce. This talk argues that most existing privacy enhancing technology (PET) will fail, since the real threat is not the control of access but the control of the usage of collected data. While the "access control" part of security and privacy is well understood, it is unclear how to do "usage control". A solution for usage control is explained by elaborating on the data collected with a point card. Point cards encompass a "black and white", one-sided privacy policy which the issuer has decided to comply with. Some policies are subject to slightly different privacy regulations in Europe, Japan and the US. In their technical challenges these regulations resemble the efforts for compliance, where promises to shareholders, employees and customers regarding financial behaviour have to be made transparent for later audit. While all efforts of access control technology are directed at the past, the technologies to enforce provisions now and in the future are called obligations. Present-day privacy technologies ensure provisions to a very good extent; they fail, however, as far as obligations are concerned. Concepts for a life cycle management system for collecting and handling private data are shown, as well as the presently algebraically complete privacy tool ExPDT (extended privacy definition tool), which forms the guidelines for the enforcement of privacy promises in the "future store" of a large retailer. Comparison of policies, for example, allows the customer to move from one store to another. Conjunction, composition and reasoning based upon policy provisions and obligations allow the observation of sophisticated privacy policies.
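The abstract's distinction between provisions (conditions checked at access time) and obligations (duties that fall due after access), and the policy operations it names (conjunction, comparison of policies so a customer can move between stores), can be made concrete with a small model. The following Python is an added illustration, not ExPDT's own code or data model; the policy names, data categories, purposes, obligation actions and deadlines are constructed examples and the "strictness" ordering is one reasonable assumption, not the talk's definition.

```python
"""Toy usage-control policy model: provisions + obligations (added example, not ExPDT)."""
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass(frozen=True)
class Obligation:
    """A duty incurred *after* access, e.g. delete the record within N days."""
    action: str
    deadline_days: int


@dataclass(frozen=True)
class Rule:
    data: str                # data category, e.g. "purchase_history"
    purpose: str             # purpose of use, e.g. "loyalty_points"
    provisions: frozenset    # facts that must hold at access time, e.g. "consent"
    obligations: frozenset   # Obligation instances triggered by the use


@dataclass
class Policy:
    name: str
    rules: dict = field(default_factory=dict)   # (data, purpose) -> Rule

    def add(self, data, purpose, provisions=(), obligations=()):
        self.rules[(data, purpose)] = Rule(data, purpose, frozenset(provisions), frozenset(obligations))
        return self


def merge_obligations(a, b):
    """Union of two obligation sets; for a repeated action keep the shorter deadline."""
    best = {}
    for ob in a | b:
        cur = best.get(ob.action)
        if cur is None or ob.deadline_days < cur.deadline_days:
            best[ob.action] = ob
    return frozenset(best.values())


def conjunction(p, q):
    """A use is allowed only if both policies allow it; provisions and obligations accumulate."""
    out = Policy(f"({p.name} AND {q.name})")
    for key in p.rules.keys() & q.rules.keys():
        a, b = p.rules[key], q.rules[key]
        out.rules[key] = Rule(*key, a.provisions | b.provisions, merge_obligations(a.obligations, b.obligations))
    return out


def at_least_as_strict(p, q):
    """True if p permits no use that q forbids, demands every provision q demands,
    and carries every obligation q carries with an equal or shorter deadline.
    (Assumed ordering: a customer who agreed to q loses nothing by moving to p.)"""
    for key, rp in p.rules.items():
        rq = q.rules.get(key)
        if rq is None or not rp.provisions >= rq.provisions:
            return False
        for ob in rq.obligations:
            if not any(o.action == ob.action and o.deadline_days <= ob.deadline_days for o in rp.obligations):
                return False
    return True


def decide(policy, data, purpose, facts, collected_on):
    """Access-time decision: check provisions, and return the obligations the use incurs
    as (action, due date) pairs so a life-cycle system can track them."""
    rule = policy.rules.get((data, purpose))
    if rule is None or not rule.provisions <= set(facts):
        return False, []
    due = [(ob.action, collected_on + timedelta(days=ob.deadline_days)) for ob in rule.obligations]
    return True, sorted(due)


def overdue(pending, fulfilled, today):
    """Obligations whose deadline has passed without a recorded fulfilment: the part
    access control alone never catches."""
    return [(action, due) for action, due in pending if due < today and action not in fulfilled]


# Constructed sample policies for two stores (not real retailer policies).
store_a = (Policy("store_a")
           .add("purchase_history", "loyalty_points", ["consent"], [Obligation("delete", 365)])
           .add("purchase_history", "marketing", ["consent", "opt_in_marketing"],
                [Obligation("delete", 90), Obligation("notify", 7)]))
store_b = Policy("store_b").add("purchase_history", "loyalty_points", ["consent"],
                                [Obligation("delete", 180)])

if __name__ == "__main__":
    print("b stricter than a:", at_least_as_strict(store_b, store_a))   # True
    print("a stricter than b:", at_least_as_strict(store_a, store_b))   # False: a also allows marketing
    ok, due = decide(store_a, "purchase_history", "marketing",
                     {"consent", "opt_in_marketing"}, date(2007, 7, 23))
    print("marketing use allowed:", ok, "obligations due:", due)
    print("overdue on 2008-01-01:", overdue(due, {"notify"}, date(2008, 1, 1)))
```

The point of the model is the last two functions: `decide` is what conventional access control already does (it stops at the provisions), while `overdue` is the obligation-side check that only a life-cycle component holding the issued obligations can perform.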
Keywords :
authorisation; data privacy; electronic commerce; retail data processing; ExPDT extended privacy definition tool; access control technology; e-commerce; financial behaviour; life cycle management system; point card; privacy enhancing technology; privacy regulation; retail data processing; usage control; Access control; Automatic control; Biographies; Computer architecture; Computer science; Data privacy; Data security; Europe; Guidelines; Positron emission tomography;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
E-Commerce Technology and the 4th IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services, 2007. CEC/EEE 2007. The 9th IEEE International Conference on
Conference_Location :
Tokyo
Print_ISBN :
0-7695-2913-5
Type :
conf
DOI :
10.1109/CEC-EEE.2007.45
Filename :
4285192