How Usage Control and Provenance Tracking Get Together - A Data Protection Perspective

Abstract: These days, sensitive and personal information is used within a wide range of applications. The exchange of this information is increasingly faster and more and more unpredictable. Hence, the person concerned cannot determine what happens with his personal data after it has been released. It is highly intransparent who is accountable for data misuse. Usage control and provenance tracking are two different approaches to tackle this problem. This work compares the two concepts from a data protection perspective.… Show more

“…If the PDP allows the event to happen, the information flow model of the PIP is updated. Provenance tracking takes advantage of the information flow state represented by the PIP and provides comprehensive information to the person concerned (data subject) [1].…”

“…Our implementation is built on Thunderbayes++. 1 We selected it because it integrates SpamBayes, 2 an one-to-one implementation of the methodology of Robinson and Graham. We adapted SpamBayes such as only the body and the subject of a message are analyzed for classification.…”

“…Provenance tracking originates in scientific computing community [16]. But in recent work it is also discussed how provenance can improve transparency in the context of privacy [1]. PII is especially relevant in large, unstructured data sets.…”

“…With the tremendous growth of data, it is not feasible to do that ad hoc. As a solution, usage control and provenance tracking methods [1] are proposed in recent research. But one of the major and yet unsolved problems remains: How does one know which received or created data contains PII?…”

Detection and Labeling of Personal Identifiable Information in E-mails

“…If the PDP allows the event to happen, the information flow model of the PIP is updated. Provenance tracking takes advantage of the information flow state represented by the PIP and provides comprehensive information to the person concerned (data subject) [1].…”

“…Our implementation is built on Thunderbayes++. 1 We selected it because it integrates SpamBayes, 2 an one-to-one implementation of the methodology of Robinson and Graham. We adapted SpamBayes such as only the body and the subject of a message are analyzed for classification.…”

“…Provenance tracking originates in scientific computing community [16]. But in recent work it is also discussed how provenance can improve transparency in the context of privacy [1]. PII is especially relevant in large, unstructured data sets.…”

“…With the tremendous growth of data, it is not feasible to do that ad hoc. As a solution, usage control and provenance tracking methods [1] are proposed in recent research. But one of the major and yet unsolved problems remains: How does one know which received or created data contains PII?…”

Detection and Labeling of Personal Identifiable Information in E-mails

“…However, while IFC enforcement is a step towards demonstrating compliance with regulation requirements, a mechanism to provide transparency over data usage and processing is needed to complement IFC. Indeed, Bier [5] argues for the integration of usage control and provenance. Information Flow Control and Audit has been introduced by Pasquier et al [6] to complement IFC to facilitate insight into data provenance [7] through visualisation and analysis of how information has actually flowed across the system.…”

Information Flow Audit for Transparency and Compliance in the Handling of Personal Data

A Taxonomy of Requirements for the Privacy Goal Transparency