Title : Data Protection

Code : 3

Responsible : GDD

Activities : Data Privacy and Safety

Start Date : 2014-06-01

End Date : 2017-05-31

Objectives : In SocioPlug we aim to develop a data privacy model that follows European regulations and is adapted to online social web communities. The SocioPlug privacy model should propose decentralized and community-regulated privacy control for data, which implies non-negligible responsibilities for the community members.

Our objective is to ensure that, during the whole life cycle of the data (creation, usage, destruction, etc.), users (owners/providers, users/requesters and identified users) will preserve and enrich data privacy (i) based on mutable privacy policies, (ii) following European regulations, in particular access purposes and the right to oblivion, and (iii) continuously. Current solutions for continuous access control, mainly in the usage control domain, address neither the creation and suppression of objects nor policy combination and conflict resolution. In addition, usage control should take access purposes into account to be compliant with recent regulations. Hence, we target two main scientific challenges: the definition of a purpose-based usage control model and a right to oblivion solution.

Scientific Challenges : Three main challenges have been identified:

  • Purpose-based usage control: Usage control that takes access purposes into account is essential in SocioPlug. The challenge is to identify the best way of joining these two approaches. Another challenging issue is policy combination and conflict resolution. We argue that identified users should have some control over data identifying them. They should be able to define privacy policies that are combined with the ones defined by data providers. We aim to define and develop a purpose-based usage control that combines privacy policies.
  • Right to oblivion: This is a considerable challenge in decentralized social web applications. In SocioPlug, we want to determine a solution allowing data owners and identified users to exercise this right through mutable privacy policies. The access control decision should in this way take the right to oblivion into account.
  • Safety: In all application contexts of SocioPlug, it is necessary to quickly and precisely process a huge amount of data. The problem of extracting pertinent information from a data stream is similar to the problem of identifying patterns that do not conform to the expected behavior, which has been an active area of research for many decades. Unfortunately, a common feature of these techniques is their large space complexity and their computational cost, as they rely on full space algorithms for analyzing the data. Given our settings, relying on full space algorithms for analyzing input data is not feasible.

Deliverables :

ID   Description                                                                          Dec. 2013 + months
D31  Privacy breach scenarios in SocioPlug                                                24
D32  State of the art of purpose-based, usage control approaches, and right to oblivion   18
D33  Report on purpose-based usage control                                                42
D34  Report on usage control                                                              36
D35  Report on safety                                                                     42

Sub-tasks :

Task31 Privacy breach scenarios
Task32 Language definition of privacy policies
Task33 Purpose-based usage control
Task34 Usage control
Task35 Infrastructure monitoring

Participants :