Abstract
P3P provides a standard means for Web sites to disclose their privacy policies when they need users’ personal data for processing. A user can then decide whether or not to provide personal data to the sites based on the disclosed policies. The decision process can also be made automatic through an agent or browser via the privacy preferences set by the user. As can be seen, however, this mechanism cannot guarantee that Web sites do act according to their policies once they have obtained user’s personal data. In light of this, we proposed a new technical and legal approach, called Online Personal Data Licensing (OPDL). The idea is that the use of a person’s data must be authorized by the person through the issue of data licenses. Licenses can then be checked to prevent personal data from being misused. This paper focuses on the implementation of OPDL. As P3P provides a standard format for expressing privacy practices about personal data, we use it here to implement data licenses.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: Platform for Privacy Preference (P3P). In: W3C Recommendations (2002), Retrieved from http://www.w3c.org/TR/P3P/
EPIC, Junkbuster: Pretty poor privacy: An assessment of p3p and internet privacy (2000), http://www.epic.org/reports/prettypoorprivacy.html
Isenberg, D.: The GigaLaw—Guide to Internet Law. Random House Trade Paperbacks (2002)
Cha, S.C., Joung, Y.J.: Online Personal Data Licensing. In: Proceedings of the 3rd International Conference of Law and Technology (LAWTECH2002), pp. 28–33 (2002)
TRUSTe: (2002), Retrieved from http://www.truste.org
Benassi, P.: TRUSTe: an online privacy seal program. Communications of the ACM 42, 56–59 (1999)
for Economic Cooperation, O., (OECD), D.: Guidelines on the protection of privacy and transborder flows of personal data. Committee for Information, Computer, and Communication Policy (1980)
U.S. Federal Trade Commission: Privacy online: a report to congress (1998), Retrieved from http://www.ftc.gov/reports/privacy3/index.htm
U.S. Department OF Commerce: Safe harbor privacy principles (2000), http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm
European Comission: Platform for privacy preferences and the open profiling standard. Draft opinion of the working party on the protection of individuals with regard to the processing of personal data (1998), http://www.epic.org/privacy/internet/ecp3p.html
World-Wide Web Consortium: W3C publishes first public working draft of P3P 1.0 (1998), http://www.w3.org/Press/1998/P3P
Hensley, P., Metral, M., Shardanand, U., Converse, D., Meyers, M.: Proposal for an open profiling standard. In: W3 Consortium (1997), available as http://www.w3.org/TR/NOTE-OPS-FrameWork.html
Kristol, D.M.: HTTP Cookies: Standards, privacy, and politics. ACM Transactions on Internet Technology (TOIT) 1, 151–198 (2001)
W3C: Removing data transfer from P3P (1999), Retrieved from http://www.w3c.org/P3P/data-transfer.html
US Department of Defense: Trusted Computer System Evaluation Criteria. Technical Report 5200.28, US Department of Defense (1985)
Kaufman, C., Perlman, R., Speciner, M.: Network Security: Private Communication in a Public World. Prentice Hall, Englewood Cliffs (2002) ISBN: 0-13-046019-2
Calder, A., Watkins, S.: IT Governance: Data Security & BS 7799/ISO 17799. Kogan Page Ltd. (2002) ISBN: 0-7494-3845-2
Cranor, L., Langheinrich, M., Zurich, E.: A P3P Preference Exchange Language 1.0 (APPEL1.0). In: W3C Working Draft (2002), Retrieved August 20, (2002) from http://www.w3c.org/TR/P3P-preferences.html
Boyer, J.: Canonical XML. W3C Recommendation Version 1.0, W3C (2001)
Sonera Plaza Ltd MediaLab: Digital Rights Management white paper. Technical report, Sonera Plaza Ltd. (2002), http://www.medialab.sonera.fi
Microsoft Corporation: Windows Media Rights Manager 9 series - Live DRM. Technical report, Microsoft Corporation White Paper (2002), http://www.microsoft.com/windows/windowsmedia/drm/livedrm.pdf
IBM Corporation: Electronic Media Management System. Technical report, IBM Corporation (2000), http://www-1.ibm.com/industries/media/pdf/emms_brochure_in_english.pdf
Ayars, J.: XMCL - the eXtensible Media Commerce Language. W3c note, W3C (2002)
ContentGuard: XrML 2.1 overview. Technical report, ContentGard (2002)
Lessig, L.: Code and other Laws of Cyberspace. Basic Books, New York (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cha, SC., Joung, YJ. (2003). From P3P to Data Licenses. In: Dingledine, R. (eds) Privacy Enhancing Technologies. PET 2003. Lecture Notes in Computer Science, vol 2760. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40956-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-540-40956-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20610-1
Online ISBN: 978-3-540-40956-4
eBook Packages: Springer Book Archive