Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control
The amount of data generated in today’s world has a fair share of personal information about individuals that helps data owners and data processors in providing them with personalized services. Different legal and regulatory obligations apply to all data owners collecting personal information, speci...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2021-04-01
|
Series: | Sensors |
Subjects: | |
Online Access: | https://www.mdpi.com/1424-8220/21/9/3041 |
_version_ | 1797536181040185344 |
---|---|
author | Shizra Sultan Christian D. Jensen |
author_facet | Shizra Sultan Christian D. Jensen |
author_sort | Shizra Sultan |
collection | DOAJ |
description | The amount of data generated in today’s world has a fair share of personal information about individuals that helps data owners and data processors in providing them with personalized services. Different legal and regulatory obligations apply to all data owners collecting personal information, specifying they use it only for the agreed-upon purposes and in a transparent way to preserve privacy. However, it is difficult to achieve this in large-scale and distributed infrastructures as data is continuously changing its form, such as through aggregation with other sources or the generation of new transformed resources, resulting often in the loss or misinterpretation of the <i>collection purpose</i>. In order to preserve the authorized <i>collection purposes</i>, we propose data is added as a part of immutable and append-only resource metadata (provenance), to be retrieved by an access control mechanism when required for data-usage verification. This not only ensures purpose limitation in large-scale infrastructures but also provides transparency for individuals and auditing authorities to track how personal information is used. |
first_indexed | 2024-03-10T11:57:05Z |
format | Article |
id | doaj.art-749472b6476940a29f09a8bcce29518f |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-03-10T11:57:05Z |
publishDate | 2021-04-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | doaj.art-749472b6476940a29f09a8bcce29518f2023-11-21T17:15:41ZengMDPI AGSensors1424-82202021-04-01219304110.3390/s21093041Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access ControlShizra Sultan0Christian D. Jensen1Department of Mathematics and Computer Science, Technical University of Denmark, Anker Engelunds Vej 1, Building 101A, 2800 Kongens Lyngby, DenmarkDepartment of Mathematics and Computer Science, Technical University of Denmark, Anker Engelunds Vej 1, Building 101A, 2800 Kongens Lyngby, DenmarkThe amount of data generated in today’s world has a fair share of personal information about individuals that helps data owners and data processors in providing them with personalized services. Different legal and regulatory obligations apply to all data owners collecting personal information, specifying they use it only for the agreed-upon purposes and in a transparent way to preserve privacy. However, it is difficult to achieve this in large-scale and distributed infrastructures as data is continuously changing its form, such as through aggregation with other sources or the generation of new transformed resources, resulting often in the loss or misinterpretation of the <i>collection purpose</i>. In order to preserve the authorized <i>collection purposes</i>, we propose data is added as a part of immutable and append-only resource metadata (provenance), to be retrieved by an access control mechanism when required for data-usage verification. This not only ensures purpose limitation in large-scale infrastructures but also provides transparency for individuals and auditing authorities to track how personal information is used.https://www.mdpi.com/1424-8220/21/9/3041privacycompliancedata protectionprovenancepurpose limitationsecondary use |
spellingShingle | Shizra Sultan Christian D. Jensen Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control Sensors privacy compliance data protection provenance purpose limitation secondary use |
title | Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control |
title_full | Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control |
title_fullStr | Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control |
title_full_unstemmed | Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control |
title_short | Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control |
title_sort | ensuring purpose limitation in large scale infrastructures with provenance enabled access control |
topic | privacy compliance data protection provenance purpose limitation secondary use |
url | https://www.mdpi.com/1424-8220/21/9/3041 |
work_keys_str_mv | AT shizrasultan ensuringpurposelimitationinlargescaleinfrastructureswithprovenanceenabledaccesscontrol AT christiandjensen ensuringpurposelimitationinlargescaleinfrastructureswithprovenanceenabledaccesscontrol |