Privacy-Aware Access Control

Eugenia I. Papagiannakopoulou (National Technical University of Athens, Greece), Maria N. Koukovini (National Technical University of Athens, Greece), Georgios V. Lioudakis (National Technical University of Athens, Greece), Nikolaos L. Dellas (SingularLogic S.A., Greece), Dimitra I. Kaklamani (National Technical University of Athens, Greece) and Iakovos S. Venieris (National Technical University of Athens, Greece)
DOI: 10.4018/978-1-4666-5888-2.ch432

Chapter Preview



Privacy is recognized as a fundamental human right by the Universal Declaration of Human Rights of the United Nations (1948), as well as the Charter of Fundamental Rights of the European Union (European Parliament, Council & Commission, 2000). It is protected by relevant legislation in all democratic countries throughout the world (cf., e.g., Greenleaf, in press). A significant milestone in the privacy literature has been the codification of the fundamental privacy principles by the Organization for Economic Co-operation and Development (1980), as this codification lays out the basis for the protection of privacy. The OECD principles are reflected in the European Directive 95/46/EC (European Parliament and Council, 1995), “on the protection of individuals with regard to the processing of personal data and on the free movement of such data.” Directive 95/46/EC enforces a high standard of data protection and constitutes the most influential piece of privacy legislation worldwide (cf., e.g., Greenleaf, 2012); it appears to set a general framework and has been characterized as an “engine of a global regime” (Birnhack, 2008), influencing many countries outside Europe to enact similar laws. It is further particularized and complemented by subsequent Directives, as well as various Decisions, Recommendations, and Opinions of the Article 29 Data Protection Working Party, among others. Recently, a reform of the existing data protection framework has been proposed (European Commission, 2012); among its most significant features, it will require companies to conduct privacy impact assessments, to implement “Privacy by Design” principles, and to ensure “Privacy by Default” in their applications, while individuals will have greater rights, such as the “Right to be Forgotten” and the “Right to Data Portability.”

Key Terms in this Chapter

Privacy: The claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

Access Control: The mechanisms used for enabling access to resources only by authorized entities.

Personal Data: Any information relating to an identified or identifiable natural person.

Separation of Duty (SoD): The situation where two actions are mutually exclusive, in that they must not be performed by the same entity.

Privacy-Aware Access Control: The access control discipline devised for the protection of personal data.

Binding of Duty (BoD): The requirement that an entity performing an action is bound to perform another action.

Context: All environmental parameters, such as location or time, as well as facts and events that surround a situation.
