TY - GEN
T1 - Privacy and contextual integrity
T2 - 2006 IEEE Symposium on Security and Privacy, S and P 2006
AU - Barth, Adam
AU - Datta, Anupam
AU - Mitchell, John C.
AU - Nissenbaum, Helen
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2006
Y1 - 2006
N2 - Contextual integrity is a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information. In comparison with access control and privacy policy frameworks such as RBAC, EPAL, and P3P, these norms focus on who personal information is about, how it is transmitted, and past and future actions by both the subject and the users of the information. Norms can be positive or negative depending on whether they refer to actions that are allowed or disallowed. Our model is expressive enough to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. A number of important problems regarding compliance with privacy norms, future requirements associated with specific actions, and relations between policies and legal standards reduce to standard decision procedures for temporal logic.
AB - Contextual integrity is a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information. In comparison with access control and privacy policy frameworks such as RBAC, EPAL, and P3P, these norms focus on who personal information is about, how it is transmitted, and past and future actions by both the subject and the users of the information. Norms can be positive or negative depending on whether they refer to actions that are allowed or disallowed. Our model is expressive enough to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. A number of important problems regarding compliance with privacy norms, future requirements associated with specific actions, and relations between policies and legal standards reduce to standard decision procedures for temporal logic.
UR - http://www.scopus.com/inward/record.url?scp=33751063543&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33751063543&partnerID=8YFLogxK
U2 - 10.1109/SP.2006.32
DO - 10.1109/SP.2006.32
M3 - Conference contribution
AN - SCOPUS:33751063543
SN - 0769525741
SN - 9780769525747
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 184
EP - 198
BT - Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
Y2 - 21 May 2006 through 24 May 2006
ER -