Skip to main content
Springer Nature Link
Log in

My Data, Your Data, Our Data: Managing Privacy Preferences in Multiple Subjects Personal Data

  • Conference paper
Privacy Technologies and Policy (APF 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8450))

Included in the following conference series:

Abstract

The evolution of mobile devices, the success of social networks, and the digitalization of business/personal services have resulted in a huge and continuous production of Personal Data (PD). The creation of a balanced ecosystem of PD, where data act as the fuel for novel application scenarios, may drive the shift toward a user-centric paradigm, in which constraints should be imposed on the data usage, to protect the individuals’ privacy. The possibility for people to directly collect, manage and exploit PD introduces both technical and regulatory new issues in PD management. Uncertainty especially arises in the case of PD related to multiple subjects, e.g., containing identifiers referring to more than one person, each of which holds rights to control how these PD are treated. In this paper, we refer to this kind of valuable data as Multiple Subjects Personal Data (MSPD). The protection of MSPD in a user-centric paradigm is an undeniable requirement to ensure privacy to all MSPD right-holders. We discuss the relevance of MSPD, providing a technical approach to regulate their trusted management in a user-centric model context.

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 610853 (CoCo-Cloud) and the Registro.it funded project MobiCare.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
€32.70 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (France)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 42.79
Price includes VAT (France)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 52.74
Price includes VAT (France)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Al-Shaer, E.S., Hamed, H.H.: Firewall policy advisor for anomaly discovery and rule editing. In: IFIP/IEEE Integrated Network Management, pp. 17–30 (2003)

    Google Scholar 

  2. ARTICLE 29 DATA PROTECTION WP136, Opinion 04/2007 on the concept of Personal Data, http://goo.gl/8hO9m (last checked February 21, 2014)

  3. ARTICLE 29 WP191, Opinion 01/2012 on data protection reform proposals (2012), http://goo.gl/9tMKa (last checked February 21, 2014)

  4. ARTICLE 29 WP196, Opinion 05/2012 on Cloud Computing (2012), http://goo.gl/tvKNG (last checked February 21, 2014)

  5. ARTICLE 29 WP199, Opinion 08/2012 providing further input on the data protection reform discussion (2012), http://goo.gl/1AJXB (last checked February 21, 2014)

  6. Brandimarte, L., Acquisti, A., Loewenstein, G., Babcock, L.: Privacy concerns and information disclosure: An illusion of control hypothesis. In: CIST (2010)

    Google Scholar 

  7. Brodie, C., et al.: An Empirical Study of Natural Language Parsingof Privacy Policy Rules using the SPARCLE Policy Workbench. In: SOUPS. ACM (2006)

    Google Scholar 

  8. Brodie, C., et al.: The Coalition Policy Management Portal for PolicyAuthoring, Verification, and Deployment. In: POLICY, pp. 247–249 (2008)

    Google Scholar 

  9. Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and Languages for Privacy-Preserving Attribute-Based Authentication. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 34–52. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  10. Chaum, D.: Blind signatures for untraceable payments. Advances in Cryptology Proceedings of Crypto 82(3), 199–203 (1983)

    MathSciNet  Google Scholar 

  11. Conti, R., Matteucci, I., Mori, P., Petrocchi M.: An Expertise-driven Authoring Tool of Privacy Policies for e-Health. Technical Report IIT TR-02/2014

    Google Scholar 

  12. de Montjoye, Y.A., Wang, S.S., Pentland, A.: On the trusted use of large-scale personal data. IEEE Data Eng. Bull. 35(4), 4, 5–8

    Google Scholar 

  13. Directive 95/46/EC of the European Parliament and of Council, Official Journal of the European Union, L281/31 (November 23, 1995)

    Google Scholar 

  14. Directive 2009/136/EC of the European Parliament and of the Council. Official Journal of the European Union, L337/11 (November 25, 2009)

    Google Scholar 

  15. Dunlop, N., et al.: Methods for conflict resolution in policy-based management systems. In: IEEE Enterprise Distributed Object Computing, pp. 98–109 (2003)

    Google Scholar 

  16. Hall-May, M., Kelly, T.: Towards conflict detection and resolution of safety policies. In: Intl. System Safety Conf. (2006)

    Google Scholar 

  17. Hardjono, T., Greenwood, D., Pentland, A.: Towards a Trustworthy Digital Infrastructure for Core Identities and Personal Data Stores. Global Forum on Identity (2013)

    Google Scholar 

  18. Jin, J., Ahn, G.-J., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for electronic healthcare services. Computers & Security 30(2-3), 116–127

    Google Scholar 

  19. Johnson, M., et al.: Optimizing a policy authoring framework for security and privacy policies. In: SOUPS, pp. 8:1–8:9. ACM (2010)

    Google Scholar 

  20. Jøsang, A., Pope, S.: User centric identity management. In: AusCERT Asia Pacific Information Technology Security Conference (2005)

    Google Scholar 

  21. Kan, Y., Jia, X., Ren, K.: DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems. IACR Cryptology ePrint Archive, 419 (2012)

    Google Scholar 

  22. Karat, J., Karat, C.-M., Brodie, C., Feng, J.: Designing Natural Language and Structured Entry Methods for Privacy Policy Authoring. In: Costabile, M.F., Paternó, F. (eds.) INTERACT 2005. LNCS, vol. 3585, pp. 671–684. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  23. Korba, L., Kenny, S.: Towards Meeting the Privacy Challenge: Adapting DRM. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 118–136. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  24. Leenes, R., Schallaböck, J., Hansen, M.: PRIME White Paper, Version 3. PRIME Project (2008)

    Google Scholar 

  25. Liu, X., Zhang, Y., Wang, B., Yan, J.: Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud. IEEE Trans. Parallel Distrib. Syst. 24(6), 1182–1191

    Google Scholar 

  26. Lunardelli, A., Matteucci, I., Mori, P., Petrocchi, M.: A Prototype for Solving Conflicts in XACML-based e-Health Policies. In: Proc. 26th IEEE International Symposium on Computer-Based Medical Systems, pp. 449–452 (2013)

    Google Scholar 

  27. Lupu, E.C., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)

    Article  Google Scholar 

  28. McDonald, A., Cranor, L.: The cost of reading privacy policies. ISJLP 4, 543 (2008)

    Google Scholar 

  29. Masoumzadeh, A., Amini, M., Jalili, R.: Conflict detection and resolution in context-aware authorization. In: IEEE SNDS, pp. 505–511 (2007)

    Google Scholar 

  30. Matteucci, I., Mori, P., Petrocchi, M.: Prioritized Execution of Privacy Policies. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM 2012 and SETOP 2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  31. Moiso, C., Antonelli, F., Vescovi, M.: How do I manage my Personal Data? – A Telcoperspective. In: Proc. Data 2012, pp. 123–128 (2012)

    Google Scholar 

  32. Moiso, C., Minerva, R.: Towards a User-Centric Personal Data Ecosystem – The Role of the Bank of Individuals’ Data. In: Intelligence in Next Generation Networks (2012)

    Google Scholar 

  33. OASIS, eXtensible Access Control Markup Language (XACML) Ver. 3.0 (January 2013)

    Google Scholar 

  34. Pentland, A.: Society’s Nervous System: Building Effective Government, Energy, and Public Health Systems. IEEE Computer 45(1), 31–38

    Google Scholar 

  35. Reeder, R.W., Karat, C.-M., Karat, J., Brodie, C.: Usability challenges in security and privacy policy-authoring interfaces. In: Baranauskas, C., Abascal, J., Barbosa, S.D.J. (eds.) INTERACT 2007. LNCS, vol. 4663, pp. 141–155. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  36. Reuters.com, WhatsApp violates privacy laws over phone numbers: report, http://goo.gl/9tJzF (last checked February 21, 2014)

  37. Roussopoulos, M., et al.: Technology-induced challenges in Privacy & Data Protection in Europe. A report by the ENISA Ad Hoc Working Group on Privacy & Technology (2008)

    Google Scholar 

  38. Syukur, E.: Methods for policy conflict detection and resolution in pervasive computing environments. In: Policy Management for Web (WWW 2005), pp. 10–14. ACM (2005)

    Google Scholar 

  39. Uriel, F., et al.: Zero-knowledge proofs of identity. Journal of Cryptology 1(2), 77–94 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  40. Vescovi, M., Moiso, C., Antonelli, F., Lepri, B., Clippinger, J.-H.: Toward Personal Big Data passing through User Transparency, Control and Awareness: A Living-Lab experience. In: Proc. European Data Forum (to appear, 2014)

    Google Scholar 

  41. Whitley, E.: Towards effective, consent based control of Personal Data. In: Hildebrandt, M., O’Hare, K., Waidner, M. (eds.) The Value of Personal Data, pp. 165–176 (2013)

    Google Scholar 

  42. World Economic Forum, Rethinking Personal Data: Strengthening Trust (2012), http://www.weforum.org/reports/rethinking-personal-data-strengthening-trust

  43. World Economic Forum, Unlocking the Value of Personal Data: From Collection to Usage (2013), http://www.weforum.org/reports/unlocking-value-personal-data-collection-usage

Download references

Author information

Authors and Affiliations

  1. ISTI– CNR, Pisa, Italy

    Stefania Gnesi

  2. IIT– CNR, Pisa, Italy

    Ilaria Matteucci, Paolo Mori & Marinella Petrocchi

  3. Future Centre, Telecom Italia, Torino, Italy

    Corrado Moiso

  4. Semantic&Knowledge Innovation Lab, Telecom Italia, Trento, Italy

    Michele Vescovi

Authors
  1. Stefania Gnesi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ilaria Matteucci
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Corrado Moiso
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Paolo Mori
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Marinella Petrocchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Michele Vescovi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical Engineering (ESAT), KU Leuven and iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven, Belgium

    Bart Preneel

  2. Information Security and Data Protection Unit, ENISA, 1 Vasilissis Sofias, Marousi, 15124, Athens, Greece

    Demosthenes Ikonomou

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Gnesi, S., Matteucci, I., Moiso, C., Mori, P., Petrocchi, M., Vescovi, M. (2014). My Data, Your Data, Our Data: Managing Privacy Preferences in Multiple Subjects Personal Data. In: Preneel, B., Ikonomou, D. (eds) Privacy Technologies and Policy. APF 2014. Lecture Notes in Computer Science, vol 8450. Springer, Cham. https://doi.org/10.1007/978-3-319-06749-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-06749-0_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06748-3

  • Online ISBN: 978-3-319-06749-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation