Abstract
Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and limited openness to third-party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though an increasing number of countries have rather strict data protection laws, it is in practice rather challenging to ensure adequate protection for personal data that is communicated online. The enforcement of privacy legislation and policies might therefore require a technological basis that is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jøsang, A., Fritsch, L., Mahler, T. (2010). Privacy Policy Referencing. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_12
DOI: https://doi.org/10.1007/978-3-642-15152-1_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15151-4
Online ISBN: 978-3-642-15152-1
eBook Packages: Computer Science, Computer Science (R0)