You are here: Resources > FIDIS Deliverables > Privacy and legal-social content > D14.2: Study on Privacy in Business Processes by Identity Management > 
Executive Summary  Title:
 Structure and Content




The objective of this study is to identify privacy threats in business processes with personalised services and to present technical approaches for usage control and transparency mechanisms. These approaches extend user-centric identity management. This study examines single-stage and multi-stage business processes with regard to profiling of customers by service providers. In general, privacy threats identify these scenarios, in particular in multi-stage business processes. In case of an unconscious data collection in ambient intelligence environments, e.g. in sensor networks, the need of implementing data legislation in devices is motivated. The aim is to achieve transparency to customer with regard to the unconscious data collection. Multi-stage business processes realise business models where profiles of customers are externally managed by a special service provider. Examples are loyalty programs and e-health applications with electronic patient records. Process models for modelling privacy-aware business processes are presented. While they assume trust of customers to service providers, current user-centric identity management systems are investigated in detail according to their suitability as a security mechanism for privacy in single-stage and in particular in multi-stage business processes.

In contrast to the FIDIS study on a “structured overview on prototypes and concepts of identity management systems” (deliverable D3.1), the identity management protocols are hereby analysed in detail. As an extension for user-centric identity management, the usage control mechanism DREISAM and the transparency mechanism ‘Data Track’ are presented afterwards. This study concludes with an outlook on further work concerning the verification of a compliant use of disclosed personal data with regard to data protection legislation and the negotiated agreements between customer and service providers.


Executive Summary  fidis_wp14_d14.2-study_on_privacy_in_business_processes_by_identity_management-v09_02.sxw  Structure and Content
3 / 38