Specifying Personal Privacy Policies to Avoid Unexpected Outcomes *

de l'informatio

Specifying Personal Privacy Policies to Avoid Unexpected Outcomes 1

The growth of the Internet is increasing the deployment of e-services in such areas as e-commerce, e-learning, and e-health. In parallel, the providers and consumers of such services are realizing the need for privacy. The use of P3P privacy policies on web sites is an example of this growing concern for privacy. Managing privacy using privacy policies is a promising approach. In this approach, an e-service provider and an e-service consumer each have separate privacy policies. Before an e-service is engaged, the provider's policy must be "compatible" with the consumer's policy. However, beyond compatibility, the policies may lead to unexpected outcomes. This can result in the lost of privacy and even lead to serious injury in certain cases. This paper gives examples of how such outcomes can arise and suggests how the consumer’s personal privacy policy can be modified to avoid such outcomes