A model for privacy policy agreement in online services

Today, many online services are provided free of charge in exchange for users' private information and their interactions online. It is common for such internet services to also act as a data warehouse, gathering usage information and all interactions of their users. The collection and dissemination of this data is governed by the service provider's privacy policy, which users must agree to before using the service. Once the user has agreed to the policy, they no longer have any say in how the service provider uses their data. In this paper, we propose a three-party policy architecture model that allows the consumer, the data warehouse, and a third-party service provider that wants to use the data stored by the data warehouse to negotiate the privacy policy and the need to access the data. We propose an application architecture built on this policy model and discuss how it can be used. Lastly, we describe the dataset on which we perform our simulation experiments, and present our findings.
