SEQUEL: A structured English query language
SIGFIDET '74 Proceedings of the 1974 ACM SIGFIDET (now SIGMOD) workshop on Data description, access and control
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
A privacy-enhanced attribute-based access control system
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition
Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition
Hi-index | 0.00 |
European data protection regulation states that organisations must have data subjects' consent to use their personally identifiable information (PII) for a variety of purposes. Solutions have been proposed which generally handle consent in a coarse-grained way, by means of opt in/out choices. However, we believe that consent's representation should be extended to allow data subjects to express a rich set of conditions under which their PII can be used. In this paper we introduce and discuss an approach enabling the representation of consent as fine-grained preferences. To enforce such consent, we leverage and extend the current standard XACML architecture and framework. As data collectors maintain links between PII and associated preferences, preferences should also be considered as part of this PII. Therefore our solution prevents access control components from directly accessing any PII.