Data protection legislation requires personal data to be collected and processed only for lawful and legitimate purposes. Unfortunately, existing protection mechanisms are not appropriate for purpose control: they only prevent unauthorized actions from occurring and do not guarantee that the data are actually used for the intended purpose. In this paper, we present a flexible framework for purpose control, which connects the intended purpose of data to the business model of an organization and detects privacy infringements by determining whether the data have been processed only for the intended purpose.
|Title of host publication
|Secure Data Management (8th VLDB Workshop, SDM 2011, Seattle, WA, USA, September 2, 2011, Proceedings)
|W. Jonker, M. Petkovic
|Place of Publication
|Published - 2011
|Lecture Notes in Computer Science