Messaging with Purpose Limitation – Privacy-Compliant Publish-Subscribe Systems

10/28/2021
by   Karl Wolf, et al.
0

Purpose limitation is an important privacy principle to ensure that personal data may only be used for the declared purposes it was originally collected for. Ensuring compliance with respective privacy regulations like the GDPR, which codify purpose limitation as an obligation, consequently, is a major challenge in real-world enterprise systems. Technical solutions under the umbrella of purpose-based access control (PBAC), however, focus mostly on data being held at-rest in databases, while PBAC for communication and publish-subscribe messaging in particular has received only little attention. In this paper, we argue for PBAC to be also applied to data-in-transit and introduce and study a concrete proof-of-concept implementation, which extends a popular MQTT message broker with purpose limitation. On this basis, purpose limitation as a core privacy principle can be addressed in enterprise IoT and message-driven integration architectures that do not focus on databases but event-driven communication and integration instead.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
01/16/2018

Digital identity, personal data and privacy protection

Privacy protection in digital databases does not demand that data should...
research
01/16/2018

Authorisation and access control architecture as a framework for data and privacy protection

Privacy protection in digital databases does not demand that data should...
research
05/27/2022

PrivacyDates: A Framework for More Privacy-Preserving Timestamp Data Types

Case studies of application software data models indicate that timestamp...
research
01/15/2021

Reviving Purpose Limitation and Data Minimisation in Personalisation, Profiling and Decision-Making Systems

This paper determines, through an interdisciplinary law and computer sci...
research
06/08/2020

An operational architecture for privacy-by-design in public service applications

Governments around the world are trying to build large data registries f...
research
09/28/2018

A SwarmESB Based Architecture for an European Healthcare Insurance System in Compliance with GDPR

With the everlasting development of technology and society, data privacy...

Please sign up or login with your details

Forgot password? Click here to reset