Skip to Main Content
Privacy in business processes for providing personalized services is currently a matter of trust. Business processes require the disclosure of personal data to third parties and users are not able to control their usage and so their further disclosure. Existing privacy-enhancing technologies consider access control but not usage control of personal data. The current work on usage control mainly considers formalization of usage rules, i.e. obligations, and their enforcement by using the mechanisms of digital rights management, secure logging of access requests for ex post enforcement, and non-linkable delegation of access rights to personal data. However, either these enforcement mechanisms do not consider a disclosure of personal data to third parties or they assume trustworthy data consumers or data providers. We investigated digital watermarking as a way of enforcing obligations for further disclosure of personal data without mandatory trust in service providers.