TY - GEN
T1 - Privacy policies, tools and mechanisms of the future
AU - Naessens, Vincent
AU - Sandikkaya, Mehmet Tahir
AU - Lapon, Jorn
AU - Verslype, Kristof
AU - Verhaeghe, Pieter
AU - Nigusse, Girma
AU - De Decker, Bart
PY - 2009
Y1 - 2009
N2 - Although many believe that we have lost the battle for privacy, protection of what's left of the user's privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize user interaction when deciding whether or not to reveal personal data, privacy policy languages were developed. However, these languages are inadequate and cannot properly deal with the complex interactions between users, service providers, third parties, identity providers and others. Also, tool support for composing and verifying these policies and mechanisms for enforcing them are lagging behind. This paper argues the need for better privacy policies and proposes some solutions. Throughout the paper, our statements are applied to three sample applications in three different domains: e-health, banking and social networks.
AB - Although many believe that we have lost the battle for privacy, protection of what's left of the user's privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize user interaction when deciding whether or not to reveal personal data, privacy policy languages were developed. However, these languages are inadequate and cannot properly deal with the complex interactions between users, service providers, third parties, identity providers and others. Also, tool support for composing and verifying these policies and mechanisms for enforcing them are lagging behind. This paper argues the need for better privacy policies and proposes some solutions. Throughout the paper, our statements are applied to three sample applications in three different domains: e-health, banking and social networks.
UR - http://www.scopus.com/inward/record.url?scp=76549132713&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-05437-2_12
DO - 10.1007/978-3-642-05437-2_12
M3 - Conference contribution
AN - SCOPUS:76549132713
SN - 9783642054365
T3 - IFIP Advances in Information and Communication Technology
SP - 125
EP - 138
BT - iNetSec 2009 - Open Research Problems in Network Security
PB - Springer New York LLC
ER -