Mandatory Enforcement of Privacy Policies using Trusted Computing Principles
Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for data protection and their legal basis and argue why pure legal protection is insufficient. Strong privacy-enhancing technologies need to be deployed in cITS to protect user data while it is generated and processed. As data minimization cannot always prevent the need for disclosing relevant personal information, we introduce the new concept of mandatory enforcement of privacy policies. This concept empowers users and data subjects to tightly couple their data with privacy policies and rely on the system to impose such policies onto any data processors. We also describe the PRECIOSA Privacy-enforcing Runtime Architecture that exemplifies our approach. Moreover, we show how an application can utilize this architecture by applying it to a pay-as-you-drive (PAYD) car insurance scenario.
Privacy-Enhancing Technologies for Financial Data Sharing
Today, financial institutions (FIs) store and share consumers' financial data
for various reasons such as offering loans, processing payments, and protecting
against fraud and financial crime. Such sharing of sensitive data has been
subject to data breaches in the past decade.
While some regulations (e.g., GDPR, FCRA, and CCPA) help to prevent
institutions from freely sharing clients' sensitive information, some
regulations (e.g., BSA 1970) require FIs to share certain financial data with
government agencies to combat financial crime. This creates an inherent tension
between the privacy and the integrity of financial transactions. In the past
decade, significant progress has been made in building efficient
privacy-enhancing technologies that allow computer systems and networks to
validate encrypted data automatically.
In this paper, we investigate some of these technologies to identify the
benefits and limitations of each, in particular, for use in data sharing among
FIs. As a case study, we look into the emerging area of Central Bank Digital
Currencies (CBDCs) and how privacy-enhancing technologies can be integrated
into the CBDC architecture. Our study, however, is not limited to CBDCs and can
be applied to other financial scenarios with tokenized bank deposits such as
cross-border payments, real-time settlements, and card payments.
- …