By Topic

Translating privacy practices into privacy promises - how to promise what you can keep

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
G. Karjoth ; IBM Zurich Res. Lab., Switzerland ; M. Schunter ; E. Van Herreweghen

Enterprises advertise privacy promises using the W3C Platform for Privacy Preferences (P3P). These privacy promises define what recipients can obtain what collected data for what purpose. Internally, enterprises can use fine-grained privacy practices such as defined by the Platform for Enterprise Privacy Practices (E-P3P) to enforce privacy. These internal privacy policies should guarantee and enforce the promises made to the customers. Since privacy practices reflect business internals, they can change frequently. As a consequence, it can be challenging to keep the promises up-to-date with the actual practices. To enable up-to-date privacy promises, we describe a methodology for enterprises to promise what they can keep. This is done by automatically transforming E-P3P privacy practices into corresponding P3P privacy promises that reflect the actual enterprise-internal behavior. These P3P promises can then be published on a regular basis. Whenever the internal policies change, the P3P promises can easily be updated as well.

Published in:

Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on

Date of Conference:

4-6 June 2003