On Privacy-compliant Disclosure of Personal Data to Third Parties using Digital Watermarking

Privacy in business processes for providing personalized services is currently a matter of trust. Business processes require the disclosure of personal data to third parties and users are not able to control their usage and so their further disclosure. Existing privacy-enhancing technologies consider access control but not usage control of personal data. The current work on usage control mainly considers formalization of usage rules, i.e. obligations, and their enforcement by using the mechanisms of digital rights management, secure logging of access requests for ex post enforcement, and non- linkable delegation of access rights to personal data. However, either these enforcement mechanisms do not consider a disclosure of personal data to third parties or they assume trustworthy data consumers or data providers. We investigate on digital watermarking as a way of enforcing obligations for further disclosure of personal data without mandatory

[1]  Michael Waidner,et al.  Privacy-enabled services for enterprises , 2002, Proceedings. 13th International Workshop on Database and Expert Systems Applications.

[2]  Birgit Pfitzmann,et al.  Asymmetric fingerprinting , 1996 .

[3]  Günter Müller,et al.  Privacy with Delegation of Rights by Identity Management , 2006, ETRICS.

[4]  Siani Pearson,et al.  An Adaptive Privacy Management System for Data Repositories , 2005, TrustBus.

[5]  Lynn A. Karoly,et al.  Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification , 2010, Practice Management Consultant.

[6]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[7]  Christian Schaefer,et al.  Usage Control Enforcement: Present and Future , 2008, IEEE Security & Privacy.

[8]  Heiko Mantel,et al.  Information Flow Control and Applications - Bridging a Gap , 2001, FME.

[9]  Tran Khanh Dang SECURITY PROTOCOLS FOR OUTSOURCING DATABASE SERVICES , 2006 .

[10]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[11]  Alexander Pretschner,et al.  On Obligations , 2005, ESORICS.

[12]  Radha Poovendran,et al.  Protecting patient privacy against unauthorized release of medical images in a group communication environment. , 2005, Computerized medical imaging and graphics : the official journal of the Computerized Medical Imaging Society.

[13]  Rafael Accorsi,et al.  Personalization in privacy-aware highly dynamic systems , 2006, CACM.

[14]  David Chaum,et al.  An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations , 1987, EUROCRYPT.

[15]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[16]  Ingemar J. Cox,et al.  Digital Watermarking and Steganography , 2014 .