Privacy Policy Languages

In this age of advanced technologies, people all over the world conduct business using computers. While relying on such technology, many fear the loss of their privacy. At the same time, organizations are continuously trying to gain more customers, so building trust among consumers makes privacy an important asset for improving business. Studies have shown that organizations can increase consumer trust by protecting consumers' privacy, and that organizations lose consumers when they fail to do so.

Organizations protect consumers' privacy by enforcing their privacy practices internally (e.g., Role-Based Access Control and Access Control Lists). To help consumers make informed decisions, organizations also express their privacy practices as privacy policies in human-readable format. However, studies have shown that human-readable policies are long and difficult to understand, and system administrators find it difficult to maintain the internal enforcement mechanisms of their organizations. As a result, Privacy Policy Languages were designed to express these policies in machine-readable format. This helps consumers make informed decisions and helps organizations protect consumers' privacy.

Many languages are available for representing human-readable privacy policies and access control policies in machine-readable format, but there is no single framework or metric to analyze and evaluate the languages. In our research, we summarize the literature available on the privacy policy languages; provide an account of the features, characteristics, and requirements of the languages and describe a comprehensive framework for analysis. We analyze all the available languages using this comprehensive framework which allows us to compare results between languages. We expect our results to aid implementers in choosing an existing language and also to provide guidelines for building languages in future. We expect this research will be a starting point towards developing frameworks and metrics for analyzing privacy policy languages.

Genealogy of Languages

Privacy policy languages have taken features from access control list languages, and within the privacy policy language domain, some languages have adopted characteristics and features from other languages. Figure 1 shows which languages adopted features and characteristics from which others. Some languages adopted only selected features (e.g. XPref from XPath), while in other cases the complete feature set of one language was subsumed into the implementation of another (e.g. PRML into EPAL).


Figure 1: History and Genealogy of Privacy Policy Languages (not drawn to scale). An arrow between two nodes means that the node at the arrow's head adopted features and characteristics from the node at the arrow's tail. A dotted line indicates a period during which the language saw no further activity after the line's starting point. The final (lowermost) node of each language represents the point at which this research analyzes that language.

Languages

The languages that we plan to analyze are (arranged in chronological order):

  1. Platform for Privacy Preferences (P3P)
  2. A P3P Preference Exchange Language (APPEL)
  3. Customer Profile Exchange (CPExchange)
  4. Privacy Rights Markup Language (PRML)
  5. XML Access Control Language (XACL)
  6. Platform for Enterprise Privacy Practices (E-P3P)
  7. Security Assertion Markup Language (SAML)
  8. Rei
  9. eXtensible Access Control Markup Language (XACML)
  10. Enterprise Privacy Authorization Language (EPAL)
  11. X-Path Based Preference Language (XPref)
  12. Privacy Template
  13. Declarative Privacy Authorization Language (DPAL)
  14. Geographic Location / Privacy (Geopriv)

For details of the above languages, please refer to our paper.

Research Plan

We plan to analyze the privacy policy languages mentioned above using a set of attributes that we will develop. We also plan to do a detailed analysis of the genealogy of the languages to find out which languages have taken features from which other languages, which features have been dropped, and the reasons for their removal. In addition, we plan to survey the various language editors, validators, and analysis tools that are available for these languages. Language editors help in expressing a privacy policy in a specific language. Validators check whether the syntax of the represented policies follows a particular standard, independently of any implementation, and also detect syntactic errors in the policies. We plan to use these analyses to make recommendations for building privacy policy languages.
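To make concrete what a machine-readable privacy policy buys an organization (the internal enforcement described in the introduction) and what a validator does (the syntax and vocabulary conformance checking described in this plan), the following is an added illustration and not code from the project or from any of the languages listed above. The policy format, the vocabulary of purposes, recipients and data categories, and the sample policy are all constructed for this example; they deliberately do not reproduce the syntax of P3P, EPAL, XACML or any other language on the page, only the general shape (data category, purpose, recipient, action, ruling, optional condition) that such languages share.

```python
"""Constructed example: a tiny machine-readable privacy policy, a validator
that checks it against a fixed vocabulary, and an evaluator that enforces it.
The format is invented for illustration and is not the syntax of P3P, EPAL,
XACML or any other privacy policy language."""
import json

# Vocabulary that a "standard" would fix. Constructed for this example.
VOCABULARY = {
    "purposes": {"order-fulfilment", "marketing", "analytics"},
    "recipients": {"ours", "delivery-partner", "third-party"},
    "actions": {"read", "disclose"},
    "data": {"email", "postal-address", "purchase-history"},
}
REQUIRED = ("data", "purpose", "recipient", "action", "ruling")

# Constructed sample policy, as an organization might publish it.
SAMPLE_POLICY = json.dumps({
    "policy": "example-shop",
    "default": "deny",
    "rules": [
        {"id": 1, "data": ["email", "postal-address"], "purpose": "order-fulfilment",
         "recipient": "delivery-partner", "action": "disclose", "ruling": "allow"},
        {"id": 2, "data": ["purchase-history"], "purpose": "marketing",
         "recipient": "ours", "action": "read", "ruling": "allow",
         "condition": {"opt_in": True}},
        {"id": 3, "data": ["email"], "purpose": "marketing",
         "recipient": "third-party", "action": "disclose", "ruling": "deny"},
    ],
})

# Constructed malformed policy: rule 9 lacks a purpose, rule 10 names a
# recipient that the vocabulary does not define.
BAD_POLICY = json.dumps({
    "default": "deny",
    "rules": [
        {"id": 9, "data": ["email"], "recipient": "advertiser",
         "action": "disclose", "ruling": "allow"},
        {"id": 10, "data": ["email"], "purpose": "marketing",
         "recipient": "advertiser", "action": "disclose", "ruling": "allow"},
    ],
})


def validate(policy_text):
    """Validator role: return a list of errors (empty when the policy conforms).
    Checks well-formedness first, then required fields, then vocabulary."""
    errors = []
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"not well-formed JSON: {exc}"]
    if policy.get("default") not in ("allow", "deny"):
        errors.append("default ruling must be 'allow' or 'deny'")
    for rule in policy.get("rules", []):
        rid = rule.get("id", "?")
        missing = [f for f in REQUIRED if f not in rule]
        for field in missing:
            errors.append(f"rule {rid}: missing field '{field}'")
        if missing:
            continue  # vocabulary checks need all fields present
        for item in rule["data"]:
            if item not in VOCABULARY["data"]:
                errors.append(f"rule {rid}: unknown data category '{item}'")
        for field, key in (("purpose", "purposes"),
                           ("recipient", "recipients"),
                           ("action", "actions")):
            if rule[field] not in VOCABULARY[key]:
                errors.append(f"rule {rid}: unknown {field} '{rule[field]}'")
        if rule["ruling"] not in ("allow", "deny"):
            errors.append(f"rule {rid}: ruling must be 'allow' or 'deny'")
    return errors


def evaluate(policy_text, request, context=None):
    """Enforcement role: decide a request {data, purpose, recipient, action}.
    The first rule whose attributes match and whose condition holds in the
    given context wins; otherwise the policy's default ruling applies.
    Returns (ruling, matched rule id or None)."""
    context = context or {}
    policy = json.loads(policy_text)
    for rule in policy["rules"]:
        if (request["data"] in rule["data"]
                and request["purpose"] == rule["purpose"]
                and request["recipient"] == rule["recipient"]
                and request["action"] == rule["action"]):
            condition = rule.get("condition", {})
            if all(context.get(k) == v for k, v in condition.items()):
                return rule["ruling"], rule["id"]
    return policy["default"], None


if __name__ == "__main__":
    print("sample policy errors:", validate(SAMPLE_POLICY))
    print("bad policy errors:", validate(BAD_POLICY))
    req = {"data": "purchase-history", "purpose": "marketing",
           "recipient": "ours", "action": "read"}
    print("marketing read, no opt-in:", evaluate(SAMPLE_POLICY, req, {"opt_in": False}))
    print("marketing read, opt-in:", evaluate(SAMPLE_POLICY, req, {"opt_in": True}))
```

The default-deny ruling and the explicit condition on rule 2 are the parts a practitioner cares about: a request that matches no rule, or whose condition (here the consumer's opt-in) is not satisfied, falls through to deny rather than silently succeeding, and the validator rejects a policy whose recipient or purpose is outside the agreed vocabulary before it can ever be enforced.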