AGREEMENT NEGOTIATION FOR REACHING THE RIGHT LEVEL OF PRIVACY

In this article, we present new ways of establishing and enforcing binding agreements with third-parties for personal privacy protection, regulating the way the data is being used after initial collection. For that, we present a novel model of privacy enforcement, complementing the notion of enterprise privacy with the incorporation of an extra level of privacy enforcement, called personal privacy enforcement. The core idea is twofold: First, to allow users of a pervasive service to negotiate the desired level of privacy in a rather automated and simple way before using the service and thereby granting access to personal data; and secondly, to track and monitor the whole life-cycle of data after it was released. For this we introduce the specification and use of an agreement negotiation protocol on a set of obligations, which is described in this article.