A Framework for Privacy Preferences and Data-Handling Policies

This paper presents SecPALP, a language for specifying both users' preferences on how their personally identifiable information (PII) should be treated by data-collecting services, and services' policies on treating collected PIIs. Preferences and policies are specified in terms of granted rights and required obligations, expressed as assertions and queries in an instance of SecPAL (a language originally developed for decentralized authorization). This paper further presents a formal definition of satisfaction between a policy and a preference, and a satisfaction checking algorithm. Based on the latter, a protocol is described for disclosing PIIs between users and services, as well as between third-party services.

A Framework for Privacy Preferences and Data-Handling Policies 2009-09-28.pdf

Publisher  Microsoft Research
© 2009 Microsoft Corporation. All rights reserved.

Details

Type  TechReport
Number  MSR-TR-2009-128