250 likes | 262 Views
Explore the concept, benefits, and practical applications of Online Personal Data Licensing (OPDL) in safeguarding personal data privacy and rights, including demonstrations and licensing proposals.
E N D
From P3P to Data Licensing Cha, Shi-Cho (查士朝) and Joung, Yuh-zer (莊裕澤) Dept. of Information Management Nation Taiwan University, Taipei, Taiwan csc@mba.ntu.edu.tw joung@ccms.ntu.edu.tw
Outlines • Introduction • Concept and benefits of Online Personal Data Licensing (OPDL) • Demonstrations of OPDL • Conclusions 2
Introduction • Personal data are wildly used for different purposes. • Some are good for people • Personal data can also be abused, e.g. • Unsolicited commercial e-mail • Credit card fraud • Many countries have enacted laws to protect personal data. 3
Introduction (Cont’d) • The consent principle • There are different kinds of consent • Written consent can provide the strongest power of evidence • In the cyberspace, to consider the efficiency, passive consent is usually allowed and adopted • A Web site can only disclose its practices about personal data 4
We do not collect personal data We collect click-streams Policy 1 Policy 2 An Example of the Problem With Passive Consent It is hard for the person to prove that he does not know the Privacy Policy 2 ! Time 5
Framework of Online Personal Data Licensing (OPDL) • To concretize people’s consents by letting users issue licenses of collecting and using their data • Application and service providers must obtain a license from a person before collecting, processing, and using the person’s personal data. 6
Benefits of Using Licenses • Licenses can be shown while some personal data are used. 7
Benefits of Using Licenses (Cont’d) • Licenses can be used in auditing processes to prevent data misuse 8
Benefits of Using Licenses (Cont’d) • Licenses can be used as evidence to prove that a site has misused a person’s data. 9
More Benefits of OPDL • Permission to collect or use a person’s data is determined and given by the person himself/herself. • It also makes users begin to think about the damages when licensed data are misused when the users set their preferences • People can obtain more clear information about who have owned their personal data. 10
Licensing Proposal • The Licensing Proposal of OPDL is based on the P3P’s privacy policy • The main modification is adding security consideration into a proposal. • The security policy, risk assessment and controls against the risks can be provided. • The requester can be certified by a certification organization (e.g., based on BS7799/ ISO17799) • A TCSEC-like tag can be used 12
Example Licensing Proposal <?xml version="1.0" encoding="UTF-8" ?> <PROPOSAL ID="f3eb4bc166"> <POLICY name="Test Proposal" discuri="http://exampleshop/privacypolicy.html"> <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP> </ENTITY> <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html"> <POLICY-TAG><MANDATORY></POLICY-TAG></SECURITY-POLICY> <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP> <STATEMENT><PURPOSE><pseudo-analysis></pseudo-analysis></PURPOSE> <RETENTION><indefinitely></indefinitely></RETENTION> <DATA-GROUP><DATA ref="#user.name.nickname"></DATA></DATA-GROUP> </STATEMENT> </POLICY> <SIGNATURE algorithm="DSA"> MCwCFEC6jCCVmJoU/MNVLgkbOSHxTO8QAhRld6MRdFpi9MvtzD/f91U1aNC81g==</SIGNATURE> </PROPOSAL> The information about the requester of the proposal: <ENTITY> <DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP> </ENTITY> The requester’s security policy: <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html"> <POLICY-TAG><MANDATORY /></POLICY-TAG></SECURITY-POLICY> Which organization certifies the requester: <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP> Data Requested: <STATEMENT><PURPOSE><pseudo-analysis></pseudo-analysis></PURPOSE> <RETENTION><indefinitely></indefinitely></RETENTION> <DATA-GROUP><DATA ref="#user.name.nickname"></DATA> </DATA-GROUP> </STATEMENT> 13
Proposal Processing • The PDL processes a proposal based on the data subject’s preferences • The preferences are based on APPEL. For each preference rule, it contains the following components: • Action taken when a rule is matching • The rule’s target • The rule is specified to what data • The rule is applied to whom • The requirement of certification • The security level requirement • The purposes constraints • The retention policies constraints 15
License Issuing • A decomposable license format is used: • Auditing or gate-keeping mechanism may only need part of a license. • If a person wishes to update some part of his issued license, the person can update necessary parts instead of reissuing the whole license. 20
An Example of a License <?xml version="1.0" encoding="UTF-8"?><LICENSE> <LICENSE-HEADER><LICENSER><NAME>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</NAME><CERT-ISSUER>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</CERT-ISSUER><CERT-SERIAL>1042957664</CERT-SERIAL></LICENSER><ISSUE-DATE>Sun Mar 16 00:11:22 CST 2003</ISSUE-DATE><ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY><SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html"><POLICY-TAG><MANDATORY /></POLICY-TAG></SECURITY-POLICY><DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP></LICENSE-HEADER><LICENSE-BODY> <CLAUSE ID="f3f2731bb9"><STATEMENT><CONSEQUENCE>Gender</CONSEQUENCE><PURPOSE><current /><admin /><develop /><customization /></PURPOSE><RETENTION><indefinitely /></RETENTION><DATA-GROUP><DATA ref="#user.gender">Male</DATA></DATA-GROUP></STATEMENT><SIGNATURE algorithm="DSA">MCwCFBZYtH/xneRtEgVVjdCBCypfeWCVAhRWH8jm1xvETkYSfrrHNPpma2t9Uw== </SIGNATURE></CLAUSE> <CLAUSE ID="f3f2731bd8"><STATEMENT><CONSEQUENCE>Jobtitle</CONSEQUENCE><PURPOSE><develop /><customization /><tailoring /></PURPOSE><RETENTION><indefinitely /></RETENTION><DATA-GROUP><DATA ref="#user.jobtitle">Test</DATA></DATA-GROUP></STATEMENT><SIGNATURE algorithm="DSA">MC0CFCoA678dpmVlEaNnBwPfBmoDPmKYAhUAgrEg3BoVKiZVsWcx1Fo1dSOUUmU= </SIGNATURE></CLAUSE> </LICENSE-BODY></LICENSE> Header Clause 1 Clause 2 21
Conclusions • OPDL requires service providers to obtain licenses before collecting, processing and using their users’ data • Compared to P3P, OPDL not only lets individuals know the privacy practices of a Web site, but also enforce the practices. • OPDL brings the control of personal data back to the owner of data. • Licenses of OPDL can provide the same power of evidence as written consent 22
Questions? Contact information: csc@mba.ntu.edu.tw http://www.mba.ntu.edu.tw/~csc/ 23
Suggested Future Work • Legislation Requirement • To enhance the concept to other conditions (because Internet is not the only source that a enterprise can collect personal data). • Interface design • A more complex negotiation model (e.g., to enable a person to “sell” his/her personal data) 24