DataPAL: Data Protection and Authorization Lifecycle framework

This paper introduces a new model for handling data privacy throughout data lifecycle via the introduction of a policy profile using the Abbreviated Language For Authorization (ALFA) policy language. Our approach extends previous models In three complementary ways: (1) By introducing Administration and Delegation Profile (ADP) in ALFA policy where users and companies can restrict the scope of access/usage policies related to data as well as specify a chain of custody for data (moreover such an approach eases up the tasks of handling users' consent); (2) Thanks to our framework Usage Control System Plus (UCS+) users can monitor the usage of data and revoke its usage upon specific conditions or at will; (3) By introducing new states for policy evaluation, i.e. Admissible/NotAdmissible to filter out those applicable policies that were unauthorized in the first place.