On Compound Purposes and Compound Reasons for Enabling Privacy
Wynand van Staden (University of Pretoria, South Africa)
Martin S. Olivier (University of Pretoria, South Africa)
Abstract: This paper puts forward a verification method for compound purposes and compound reasons to be used during purpose limitation.
When it is absolutely necessary to collect privacy-related information, it is essential that privacy-enhancing technologies (PETs) protect access to that data; this is generally accomplished by binding purposes to data. Compound purposes and reasons are an enhancement of the purposes used during purpose limitation and binding, and are more expressive than purposes in their general form. Data users specify their access needs by making use of compound reasons, which are defined in terms of (compound) purposes. Purposes are organised in a lattice, with purposes near the greatest lower bound (GLB) considered weak (less specific) and purposes near the least upper bound (LUB) considered strong (more specific).
Access is granted based on the verification of the data user's statement of intent against the compound purpose bound to the data; however, because purposes are organised in a lattice, the data user is not limited to a statement of intent that matches the purposes bound to the data exactly: the statement can be a true reflection of their intent for the data. Hence, verifying compound reasons against compound purposes cannot be accomplished by currently published verification algorithms.
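The following is an added example, not code from the paper, that illustrates the lattice ordering described above: a small constructed purpose lattice with a bottom element ("any", the GLB) and a top element ("all", the LUB), meet and join operations, and a dominance check that accepts a stated purpose that is at least as specific as the purpose bound to the data, so an exact match is not required. The purpose names, the lattice shape, and the rule that every purpose in a statement of intent must refine some purpose the data is bound to are assumptions made here for illustration; the paper's own structures, operators and verification method are not reproduced.

```python
"""Purpose lattice with a dominance check for statements of intent.

Added example; not the paper's code. The lattice, purpose names and the
verification rule are constructed assumptions that illustrate the ordering
the abstract describes (weak, general purposes near the GLB; strong, specific
purposes near the LUB).
"""

# Constructed lattice (assumption): each purpose maps to its immediate weaker
# (less specific) neighbours. "any" is the greatest lower bound and "all"
# the least upper bound.
WEAKER = {
    "any": set(),
    "research": {"any"},
    "marketing": {"any"},
    "analytics": {"research"},
    "email-marketing": {"marketing"},
    "phone-marketing": {"marketing"},
    "product-analytics": {"analytics", "marketing"},
    "all": {"email-marketing", "phone-marketing", "product-analytics"},
}


def downset(purpose):
    """The purpose itself plus every purpose weaker than it."""
    seen, stack = {purpose}, [purpose]
    while stack:
        for w in WEAKER[stack.pop()]:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return seen


def upset(purpose):
    """The purpose itself plus every purpose stronger than it."""
    return {p for p in WEAKER if purpose in downset(p)}


def refines(stated, bound):
    """True if `stated` equals `bound` or is more specific than it.

    Unknown purposes fail closed: a name outside the lattice never refines
    anything, so a typo or a forged purpose cannot grant access.
    """
    if stated not in WEAKER or bound not in WEAKER:
        return False
    return bound in downset(stated)


def meet(a, b):
    """Greatest lower bound: the most specific purpose that both a and b refine."""
    common = downset(a) & downset(b)
    maximal = [c for c in common
               if not any(c != d and c in downset(d) for d in common)]
    assert len(maximal) == 1, "WEAKER is not a lattice"
    return maximal[0]


def join(a, b):
    """Least upper bound: the weakest purpose that refines both a and b."""
    common = upset(a) & upset(b)
    minimal = [c for c in common
               if not any(c != d and d in downset(c) for d in common)]
    assert len(minimal) == 1, "WEAKER is not a lattice"
    return minimal[0]


def verify(reason, bound_purposes):
    """Assumed verification rule for this example.

    `reason` is the list of purposes the data user actually intends;
    `bound_purposes` are the purposes bound to the data. Access is granted
    only if every intended purpose refines at least one bound purpose. An
    empty statement of intent is rejected.
    """
    if not reason:
        return False
    return all(any(refines(r, b) for b in bound_purposes) for r in reason)


if __name__ == "__main__":
    # Data bound to "marketing"; user states the more specific "email-marketing".
    print(verify(["email-marketing"], ["marketing"]))              # True
    # User additionally intends "analytics", which the binding does not cover.
    print(verify(["email-marketing", "analytics"], ["marketing"]))  # False
    print(meet("email-marketing", "product-analytics"))            # marketing
    print(join("research", "marketing"))                           # product-analytics
```

The check is deliberately fail-closed: a purpose name that is not in the lattice, or an empty statement of intent, is rejected rather than treated as the weakest purpose.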
Before the verification method is presented, compound purposes and reasons are introduced, together with the structures used to represent them and the operators used to define compounds. Finally, some thoughts on implementation are provided.
Keywords: Compound Purposes, Databases, Privacy Enhancing Technologies, Purpose Lattices, Purposes
Categories: E.m, K.4.m