Abstract
We introduce PriCL: the first framework for expressing and automatically reasoning about privacy case law by means of precedent. PriCL is parametric in an underlying logic for expressing world properties, and provides support for court decisions, their justification, the circumstances in which the justification applies as well as court hierarchies. Moreover, the framework offers a tight connection between privacy case law and the notion of norms that underlies existing rule-based privacy research. In terms of automation, we identify the major reasoning tasks for privacy cases such as deducing legal permissions or extracting norms. For solving these tasks, we provide generic algorithms that have particularly efficient realizations within an expressive underlying logic. Finally, we derive a definition of deducibility based on legal concepts and subsequently propose an equivalent characterization in terms of logic satisfiability.
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Backes, M., Bendun, F., Hoffmann, J., Marnau, N. (2015). PriCL: Creating a Precedent, a Framework for Reasoning about Privacy Case Law. In: Focardi, R., Myers, A. (eds) Principles of Security and Trust. POST 2015. Lecture Notes in Computer Science, vol 9036. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46666-7_18
DOI: https://doi.org/10.1007/978-3-662-46666-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46665-0
Online ISBN: 978-3-662-46666-7
eBook Packages: Computer Science, Computer Science (R0)