Towards Compliance and Accountability: a Framework for Privacy Online

Over the last twenty years, there has been a tremendous growth in the amount of data collected about individuals. Most existing privacy enhancing technologies could not prevent privacy breach effectively, since the real threat is not the control of private data access but the control of usage. While "access control" is well understood, how to achieve "usage control" is still unclear. In the online environment, information is easily copied or delivered. UCONABC, as the next generation of access control, is inadequate to cover the entire privacy information life cycle. As an alternative, accountability may become a candidate means to judge the correctness of individual data’s usage. In this paper, we give a framework with the goal of privacy promise compliance and accountability, which may help to such kind of situation before sound privacy answers may be realized. Besides, we discuss some relevant technical and non-technical components which are needed in the privacy scenario. In the end, we state several research challenges towards the implementation of our framework. Index Terms — privacy, privacy policy, usage control, compliance, accountability