You are here: Resources > FIDIS Deliverables > Privacy and legal-social content > D14.2: Study on Privacy in Business Processes by Identity Management > 
Personalised Services  Title:
 Hurdles for the Acceptance of Personalised Services


Communication Relationships in Business Processes

The interaction of a customer with a service provider takes place, amongst others, via so-called process portals. A process portal pools all services and information of a service provider for a certain process, whereby own services as well as services of further cooperating service providers are included (Schmid, Bach and Österle, 2000). The portal-operating service provider also adopts the role of a process specialist in addition to the role of a service integrator – i.e. he guides his customers through the process.

The interaction between a customer and integrated services takes place in a direct and, in the case of a multi-stage business process with a chain of services, in an indirect communication relationship. A direct communication relationship is a 1:n relationship of a customer with n service providers, whereby an indirect communication relationship is a 1:n:m relationship from a 1:n relationship between a customer and n service providers and a subsequent n:m relationship between n service providers who communicate directly with the customer and m service providers who provide a service for the customer but are not in direct contact with him.

Single-stage Business Processes: Collecting Customer’s Data

Single-stage service processes are characterised by the customer knowing each service provider involved in the process and that these provide the required service without further support. The customer conducts the process whereby each service is invoked by him. If further services are required for a process, the customer initiates the next service required in the process and passes the result of the preceding service on to it. No interaction for executing the process takes place between the services involved in the business process.

As the services are personalised services, the customer discloses personal data at the service providers’ request. In Figure 3.2, the data is called pers. data and partial identity A or partial identity B. The governor of the data or partial identities is named the data provider, as he regulates the access to this data. The recipients of the data, who then also process it for the respective service, are called data consumers. Through the disclosure of personal data or partial identities to service providers, a profile of the customer is generated with them. The profiles are shown in Figure 3.2 with profile 1 and profile 2. It is assumed that the profiles do not necessarily contain the same data about the customer.

Figure 3. Single-stage business process and the creation of customer profiles.

Multi-stage Business Processes: Using Customer’s Data

Multi-stage business processes are characterised by a chain of series-connected service providers within a process. A resultant intercompany networking thereby pursues effectivity and efficiency goals. In the German market 45.7 % of the enterprises interviewed within the scope of ECE IV are networked with IT systems of other enterprises via the Internet. 52.5 % of the enterprises therewith pursue efficiency goals, such as reduction of costs, and effectivity goals, such as the integration of external services into their own range of services of offered. 63.4 % of the enterprises interviewed currently plan to extend their activities. With 70.6 %, the credit and insurance industry presents the overall largest share of enterprises that are intercompany networked (Sackmann and Strüker, 2005).

A multi-stage business process is also initiated by a customer with requesting a known service provider. The latter requires certain data of the customer for providing his service. This is summarised in Figure 3.3 in the partial identity A. The data consumer 1 processes this data. For the customer, this has the advantage that he does not necessarily have to know the process, i.e. he does not require any knowledge about the entirety of the services required and their progression with the related conditions and commencing and terminating events. For further execution of the process, the data consumer 1 however requires further personal data of the customer, which is called partial identity B. At this point, a multi-stage business process differs from a single-stage business process. The customer’s profile which is generated with service provider 1 no longer just contains the data of the partial identity A, but also of the partial identity B, which are intended for the service provider 2. The merging of profiles with service provider 1 is shown in Figure 3.3 with profiles 1+2.

Furthermore, the service provider 1 changes his role where the subsequent service provider 2 is concerned. He now appears a proxy and thereby as data provider 1. The service provider 1 must be able to use the partial identity A for the use of the services of the data provider 2. This data provider 2 returns profile 2 of the given customer to data provider 1, who is in this case in the role of data consumer 1. Since data provider 2 collects profiles of customers, this service provider takes up the role of a data consumer, here data consumer 2, too. A change of role is not thereby fixed for a certain service provider but depends on the process.

Figure 3. Multi-stage business process and delegation of profiles.


Personalised Services  fidis_wp14_d14.2-study_on_privacy_in_business_processes_by_identity_management-v09_02.sxw  Hurdles for the Acceptance of Personalised Services
7 / 38