Skip to main content
SpringerLink
Log in

From P3P to Data Licenses

  • Conference paper
Book cover Privacy Enhancing Technologies (PET 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2760))

Included in the following conference series:

Abstract

P3P provides a standard means for Web sites to disclose their privacy policies when they need users’ personal data for processing. A user can then decide whether or not to provide personal data to the sites based on the disclosed policies. The decision process can also be made automatic through an agent or browser via the privacy preferences set by the user. As can be seen, however, this mechanism cannot guarantee that Web sites do act according to their policies once they have obtained user’s personal data. In light of this, we proposed a new technical and legal approach, called Online Personal Data Licensing (OPDL). The idea is that the use of a person’s data must be authorized by the person through the issue of data licenses. Licenses can then be checked to prevent personal data from being misused. This paper focuses on the implementation of OPDL. As P3P provides a standard format for expressing privacy practices about personal data, we use it here to implement data licenses.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: Platform for Privacy Preference (P3P). In: W3C Recommendations (2002), Retrieved from http://www.w3c.org/TR/P3P/

  2. EPIC, Junkbuster: Pretty poor privacy: An assessment of p3p and internet privacy (2000), http://www.epic.org/reports/prettypoorprivacy.html

  3. Isenberg, D.: The GigaLaw—Guide to Internet Law. Random House Trade Paperbacks (2002)

    Google Scholar 

  4. Cha, S.C., Joung, Y.J.: Online Personal Data Licensing. In: Proceedings of the 3rd International Conference of Law and Technology (LAWTECH2002), pp. 28–33 (2002)

    Google Scholar 

  5. TRUSTe: (2002), Retrieved from http://www.truste.org

  6. Benassi, P.: TRUSTe: an online privacy seal program. Communications of the ACM 42, 56–59 (1999)

    Article  Google Scholar 

  7. for Economic Cooperation, O., (OECD), D.: Guidelines on the protection of privacy and transborder flows of personal data. Committee for Information, Computer, and Communication Policy (1980)

    Google Scholar 

  8. U.S. Federal Trade Commission: Privacy online: a report to congress (1998), Retrieved from http://www.ftc.gov/reports/privacy3/index.htm

  9. U.S. Department OF Commerce: Safe harbor privacy principles (2000), http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm

  10. European Comission: Platform for privacy preferences and the open profiling standard. Draft opinion of the working party on the protection of individuals with regard to the processing of personal data (1998), http://www.epic.org/privacy/internet/ecp3p.html

  11. World-Wide Web Consortium: W3C publishes first public working draft of P3P 1.0 (1998), http://www.w3.org/Press/1998/P3P

  12. Hensley, P., Metral, M., Shardanand, U., Converse, D., Meyers, M.: Proposal for an open profiling standard. In: W3 Consortium (1997), available as http://www.w3.org/TR/NOTE-OPS-FrameWork.html

  13. Kristol, D.M.: HTTP Cookies: Standards, privacy, and politics. ACM Transactions on Internet Technology (TOIT) 1, 151–198 (2001)

    Article  Google Scholar 

  14. W3C: Removing data transfer from P3P (1999), Retrieved from http://www.w3c.org/P3P/data-transfer.html

  15. US Department of Defense: Trusted Computer System Evaluation Criteria. Technical Report 5200.28, US Department of Defense (1985)

    Google Scholar 

  16. Kaufman, C., Perlman, R., Speciner, M.: Network Security: Private Communication in a Public World. Prentice Hall, Englewood Cliffs (2002) ISBN: 0-13-046019-2

    Google Scholar 

  17. Calder, A., Watkins, S.: IT Governance: Data Security & BS 7799/ISO 17799. Kogan Page Ltd. (2002) ISBN: 0-7494-3845-2

    Google Scholar 

  18. Cranor, L., Langheinrich, M., Zurich, E.: A P3P Preference Exchange Language 1.0 (APPEL1.0). In: W3C Working Draft (2002), Retrieved August 20, (2002) from http://www.w3c.org/TR/P3P-preferences.html

  19. Boyer, J.: Canonical XML. W3C Recommendation Version 1.0, W3C (2001)

    Google Scholar 

  20. Sonera Plaza Ltd MediaLab: Digital Rights Management white paper. Technical report, Sonera Plaza Ltd. (2002), http://www.medialab.sonera.fi

  21. Microsoft Corporation: Windows Media Rights Manager 9 series - Live DRM. Technical report, Microsoft Corporation White Paper (2002), http://www.microsoft.com/windows/windowsmedia/drm/livedrm.pdf

  22. IBM Corporation: Electronic Media Management System. Technical report, IBM Corporation (2000), http://www-1.ibm.com/industries/media/pdf/emms_brochure_in_english.pdf

  23. Ayars, J.: XMCL - the eXtensible Media Commerce Language. W3c note, W3C (2002)

    Google Scholar 

  24. ContentGuard: XrML 2.1 overview. Technical report, ContentGard (2002)

    Google Scholar 

  25. Lessig, L.: Code and other Laws of Cyberspace. Basic Books, New York (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Taiwan University, Taipei, Taiwan

    Shi-Cho Cha & Yuh-Jzer Joung

Authors
  1. Shi-Cho Cha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuh-Jzer Joung
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Free Haven Project,  

    Roger Dingledine

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cha, SC., Joung, YJ. (2003). From P3P to Data Licenses. In: Dingledine, R. (eds) Privacy Enhancing Technologies. PET 2003. Lecture Notes in Computer Science, vol 2760. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40956-4_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-40956-4_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20610-1

  • Online ISBN: 978-3-540-40956-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation