A Formal Privacy Management Framework

Privacy is a complex issue which cannot be handled by exclusively technical means. The work described in this paper results from a multidisciplinary project involving lawyers and computer scientists with the double goal to (1) reconsider the fundamental values motivating privacy protection and (2) study the conditions for a better protection of these values by a combination of legal and technical means. One of these conditions is to provide to the individuals effective ways to convey their consent to the disclosure of their personal data. This paper focuses on the formal framework proposed in the project to deliver this consent through software agents. To appear in: Proceedings of FAST’2008, Formal Aspects of Security and Trust, Springer Verlag, LNCS 1 Context and Motivations In the same way as the growing use of photography at the end of the 19th century prompted Warren and Brandeis seminal paper [31], the changes imposed nowadays by information and communication technologies require a deep reflection on the fundamental values underlying privacy and the best way to achieve their protection [15, 27]. Furthermore a multidisciplinary approach is necessary to tackle this challenge because privacy can neither be apprehended nor guaranteed by exclusively legal or technical means. As a step in this direction, the collaborative project PRIAM1 gathers lawyers and computer scientists with the goal of putting forward a common view of privacy for pervasive computing and effective (legal and technical) instruments to protect it. Daniel Le Métayer, Inria Grenoble Rhône-Alpes, 655 venue de l’Europe, Montbonnot e-mail: [email protected] 1 Privacy Issues in Ambient Intelligence