An Architecture for the Enforcement of Privacy and Security Requirements in Internet-Centric Services

This paper focuses on the problem of how to protect personal data and privacy in the context of internet-centric services. Two main challenges are considered: how to enable individuals to express data protection requirements on their data in a disclosure request; and how to ensure data is actually protected and processed according to the intended purpose of use after being disclosed. As part of our solution, we introduce the notion of a distinctive online service and architectural component, called the Privacy and Security Broker (PSB), responsible for the protection of personal data. The PSB enables a user to express their data protection requirements and translates them into "Data Protection Property Policies" (DPPPs). A high level architecture and the corresponding protocols involving the interaction of the main actors of our solution are presented.