Privacy protection in government mashups

The Web 2.0 technologies allow dynamic content creation using syndications or mashups, extracted from diverse data sources, including government enterprise data. As a primary source of citizen data, the US government has the obligation not only to make public data available for citizen access as stated in the Freedom of Information Act, but also to protect the privacy of individual citizen’s records as stated in the Privacy Act. In a mashup, a third party mashup Web application provider requests the individual’s data from the government agencies through Web services. Since the data is public data and not necessarily provided through electronic interactions, individual citizens may not be able to express fine-grained privacy policies on how data may be used. In addition, the government agency’s privacy policy is very coarse grained, and the relative sensitivity of individual information is not considered. We discuss the opportunities and issues associated with the programmable web and mashups, provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional privacy protection space and present policy recommendations to complement the technological solutions. The model and recommendations include deployment of a personal privacy policy network, a distributed system over which citizens can publish their individual privacy policies. These policies are accessible by all web service providers to be consulted in real time by data providers including government agencies for the purposes of automated privacy protection reasoning concerning data release.