Workshop on Privacy in Business Processes


Agenda and Slides

The workshop was held during the first FIDIS Research Event from September 11th to 12th, 2006, in Budapest. The following presentations were given according to the agenda of this workshop:


Monday, September 11th, 2006


Sven Wohlgemuth (ALU-FR): Privacy in Business Processes by User-centric Identity Management 


Sven Wohlgemuth presented the scenario “personalised services” and its privacy threats as an orientation for the work in WP14. The characteristic of this scenario is the collection and delegation of customers’ personal data, which is necessary, e.g., in loyalty programmes. He showed that data economy is no longer possible in business processes involving a delegation of customers’ personal data if current user-centric identity management systems are applied. Customers will lose control over their credentials and over access to their personal data because of the all-or-nothing non-transferability property of credentials in the considered identity management systems. Consequently, customers have to trust the participating service providers of a business process. Referring to the scenario and to this proof, the areas of work of WP14 were presented together with its approach to investigating privacy in business processes.


Mireille Hildebrandt (VUB): The user-centric narrative of AmI: smart marketing or citizen empowerment? 


In her talk, Mireille Hildebrandt showed the threat of linking group profiles to persons and thereby deriving statements about persons which may not be true (or, maybe worse, are true and can be used to manipulate people unaware of the profiles that are applied to them). This may render Directive 95/46/EC ineffective, cf. work plan 2006-2007 of the Art. 29 Working Party, because anonymised data fall outside its scope even if the profiles inferred from them do impact a person. She derived the need for “Ambient Law”, which means articulating legal rules into technological design.


Günter Karjoth (IBM): Achieving Transparency by Applying an Enterprise Privacy Architecture 


The talk of Günter Karjoth presented an organisational approach to modelling privacy-aware business processes. The approach enables an enterprise to formulate a single company privacy policy, to monitor the processing of personal data against this policy, to enforce access and retention policy across all applications and data stores within the enterprise, and to prove regulatory compliance. He illustrated this approach with a bookshop example, i.e. privacy-compliant processing of a customer’s credit card number.


Simone Fischer-Hübner (KU): The Data Track for increasing transparency for end user 


Data Track is a mechanism that lets end users trace the disclosure of personal data. It is motivated by the European Data Protection Directive 95/46/EC concerning transparency and by Art. 9 of the Directive 2002/58/EC concerning location-based services. The Data Track is a basis for logging functions concerning privacy-policy-compliant processing of personal data, exercising legal rights and setting obligations.


Coffee break 


Ammar Alkassar (SIRRIX): Employing Trusted Computing for User-Friendly Business Processes 


The talk of Ammar Alkassar presented Trusted Computing as a technical foundation for digital rights management regarding a privacy-compliant use of disclosed personal data. The talk illustrated this approach with the example of software agents acting as a proxy of an end user for booking a business trip.


Stefan Köpsell: Overview of Trusted Computing and possible Applications for Business Processes with Delegates 


This talk introduced the participants of the workshop to the main ideas and concepts of Trusted Computing (TC) by the Trusted Computing Group and the technical device Trusted Platform Module (TPM). 


Richard Cissée (TUB): Privacy-preserving Information Filtering 


An application of TC for privacy is the privacy-preserving information filtering approach of TUB. They propose TC for recommender systems in order to enforce customers’ interests regarding disclosure and retention of personal data.


Sven Wohlgemuth (ALU-FR): Further steps to D14.2, D14.3 and 4th work plan


The first day of the workshop ended with a discussion about the structure of the deliverables D14.2 and D14.3. A proposal for their table of contents was presented by the work package leader. This sketch is based on the contributions of the participants, which had been sent to the work package leader before this workshop. The result of this slot is a sketch of their table of contents and the further procedure for developing these deliverables. At the end, the contributors were asked for their ideas and research activities for the 4th FIDIS work plan.


Tuesday, September 12th, 2006


Martin Meints (ICPP): Compliance in Enterprises – how can Trends in IT-Security successfully be transferred to Data Protection? 


Continuous and repeated tasks are common in organisations in the private as well as in the public sector. Important areas are, among others:

  1. Sales and Customer Relationship Management (CRM) 

  2. Production Planning (PP), Production Management (PM) 

  3. Logistics and transportation 

  4. Financial management 

  5. IT Service Management (ITSM) 

  6. Total Quality Management (TQM) 

  7. Information Security Management (ISM) 

In many of these areas, good practice process models are used that suggest standardised procedures for typical organisations. These process models are meant to be used as a framework: they need to be adapted to the specific needs and environmental conditions of the organisation. For data protection, no generic good practice process models have been suggested so far. This talk presented an approach for a model for data protection.


Laurent Bussard (Microsoft): Privacy Aspects of Scoped Federations 


This talk introduced privacy aspects of scoped federations. Scoped federations focus on a particular collaboration and enable individuals from different organizations to consume and expose (web) service resources in a dynamic and secure way. Using a prototype built on .NET 2.0 and Web Services Enhancements (WSE) for .NET, the privacy aspects of user anonymity, anonymity revocation and identity selection were shown. This prototype makes use of Microsoft InfoCard.


Pieter Ribbers (Tilburg University): Privacy and Business Processes: the approach in PRIME 


In his invited talk, Pieter Ribbers presented the PRIME approach to the topic “Privacy in Business Processes”. This top-down approach considers business processes in general and aims to develop a reference process model for integrating privacy-enhanced technologies (PET) in business processes. In doing so, the costs and benefits of using PET will be considered.


The slides are available at


Sven Wohlgemuth