Defining Consent and Revocation Policies

by Ioannis Agrafiotis, Sadie Creese, Michael Goldsmith, Nick Papanikolaou, Marco Casassa Mont, Siani Pearson
Abstract:
In this paper we present the notion of a consent and revocation policy, as it has been defined within the context of the EnCoRe project. A consent and revocation policy is different to a privacy policy in that it defines not enterprise practices with regards to personal data, but more specifically, for each item of personal data held by an enterprise, what consent preferences a user may express and to what degree, and in what ways he or she can revoke their personal data. This builds on earlier work on defining the different forms of revocation for personal data, and on formal models of consent and revocation processes.
Reference:
Defining Consent and Revocation Policies (Ioannis Agrafiotis, Sadie Creese, Michael Goldsmith, Nick Papanikolaou, Marco Casassa Mont, Siani Pearson), In Pre-Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life, 2010.
Bibtex Entry:
@INPROCEEDINGS{Agrafiotis2010b,
  author = {Ioannis Agrafiotis and Sadie Creese and Michael Goldsmith and Nick
	Papanikolaou and Marco {Casassa Mont} and Siani Pearson},
  title = {Defining Consent and Revocation Policies},
  booktitle = {Pre-Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and
	Identity Management for Life},
  year = {2010},
  address = { Helsingborg, Sweden},
  month = aug,
  abstract = {In this paper we present the notion of a consent and revocation policy,
	as it has been defined within the context of the EnCoRe project.
	A consent and revocation policy is different to a privacy policy
	in that it defines not enterprise practices with regards to personal
	data, but more specifically, for each item of personal data held
	by an enterprise, what consent preferences a user may express and
	to what degree, and in what ways he or she can revoke their personal
	data. This builds on earlier work on defining the different forms
	of revocation for personal data, and on formal models of consent
	and revocation processes.},
  owner = {Nick},
  timestamp = {2010.06.20},
  url = {../files/definingcrpol.pdf}
}