Handling Privacy Obligations and Constraints to Underpin Trust and Assurance

Trust is important to enable interactions on the web, in particular with enterprises. The trust that people have in enterprises can be built, reinforced or modified via a variety of means and tools, including personal experience, analysis of prior history, recommendations, certification and auditing by known authorities. The behaviour of an enterprise and the fact that it performs as predicted and agreed is important to shape its reputation and perception of trustworthiness. In particular, the way enterprises handle privacy has an impact on these aspects. We focus on enterprises that recognise the importance of dealing properly with privacy to increase their reputation and business opportunities. Important problems need to be addressed: how can enterprises provide people with degrees of assurance that they will operate in the way dictated by policies and privacy obligations, according to people’s expectations? How can enterprises explicitly manage these policies? How can people check upfront that an enterprise has the right capabilities to handle and process their personal data? How can people have a constant, personalized feedback on the fulfillment of all these aspects? We describe requirements, a model to address the problem and provide technical details. Our work is in progress: initial prototypes have been developed and further work will be done in the context of the EU PRIME123 project.