Mandatory Enforcement of Privacy Policies using Trusted Computing Principles

Frank Kargl, Florian Schaub, Stefan Dietzel

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    7 Citations (Scopus)
    32 Downloads (Pure)


    Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for data protection and their legal basis and argue why pure legal protection is insufficient. Strong privacy-enhancing technologies need to be deployed in cITS to protect user data while it is generated and processed. As data minimization cannot always prevent the need for disclosing relevant personal information, we introduce the new concept of mandatory enforcement of privacy policies. This concept empowers users and data subjects to tightly couple their data with privacy policies and rely on the system to impose such policies onto any data processors. We also describe the PRECIOSA Privacy-enforcing Runtime Architecture that exemplifies our approach. Moreover, we show how an application can utilize this architecture by applying it to a pay as you drive (PAYD) car insurance scenario.
    Original languageUndefined
    Title of host publicationProceedings of the Intelligent Information Privacy Management Symposium, AAAI Spring Symposium
    Place of PublicationStanford, CA, USA
    Number of pages6
    ISBN (Print)978-1-57735-459-8
    Publication statusPublished - Mar 2010
    Event2010 AAAI Spring Symposium on Intelligent Information Privacy Management Symposium - Stanford University, Stanford, United States
    Duration: 1 Mar 20101 Mar 2010

    Publication series



    Workshop2010 AAAI Spring Symposium on Intelligent Information Privacy Management Symposium
    Country/TerritoryUnited States


    • METIS-275615
    • EWI-18156
    • SCS-Cybersecurity
    • IR-72421

    Cite this