A Privacy-Policy Language and a Matching Engine for U-PrIM

Oggolder, Michael

January 2013

A privacy-policy matching engine may support users in determining if their privacy preferencesmatch with a service provider’s privacy policy. Furthermore, third parties, such asData Protection Agencies (DPAs), may support users in determining if a service provider’sprivacy policy is a reasonable privacy policy for a given service by issuing recommendationsfor reasonable data handling practises for different services. These recommendations needto be matched with service provider’s privacy policies, to determine if a privacy policy isreasonable or not, and with user’s privacy preferences, to determine if a set of preferencesare reasonable or not.In this thesis we propose a design of a new privacy-policy language, called the UPrIMPolicy Language (UPL). UPL is modelled on the PrimeLife Policy Language (PPL)and tries to improve some of PPL’s shortcomings. UPL also tries to include informationdeemed mandatory for service providers according to the European Data Protection Directive95/46/EC (DPD). In order to demonstrate the features of UPL, we developed aproof-of-concept matching engine and a set of example instances of UPL. The matchingengine is able to match preferences, policies and recommendations in any combination.The example instances are modelled on four stages of data disclosure found in literature.

privacy

privacy policies

policy matching engine

data protection

Computer Sciences

Datavetenskap (datalogi)