Automated consent through privacy agents : legal requirements and technical architecture

Daniel Le Métayer 1, * Shara Monteleone
* Auteur correspondant
Abstract : The changes imposed by new information technologies, especially pervasive computing and the Internet, require a deep reflection on the fundamental values underlying privacy and the best way to achieve their protection. The explicit consent of the data subject, which is a cornerstone of most data protection regulations, is a typical example of requirement which is very difficult to put into practice in the new world of "pervasive computing" where many data communications necessarily occur without the users' notice. In this paper, we argue that an architecture based on "Privacy Agents" can make privacy rights protection more effective, provided however that this architecture meets a number of legal requirements to ensure the validity of consent delivered through such Privacy Agents. We first present a legal analysis of consent considering successively (1) its nature; (2) its essential features (qualities and defects) and (3) its formal requirements. Then we draw the lessons of this legal analysis for the design of a valid architecture based on Privacy Agents. To conclude, we suggest an implementation of this architecture proposed in a multidisciplinary project involving lawyers and computer scientists.
Type de document :
Article dans une revue
Computer Law and Security Review, Elsevier, 2009, 25 (2), pp.136-144. 〈10.1016/j.clsr.2009.02.010〉
Liste complète des métadonnées

https://hal.inria.fr/hal-00789915
Contributeur : Daniel Le Métayer <>
Soumis le : mardi 19 février 2013 - 09:25:20
Dernière modification le : mercredi 11 avril 2018 - 01:50:53

Identifiants

Collections

Citation

Daniel Le Métayer, Shara Monteleone. Automated consent through privacy agents : legal requirements and technical architecture. Computer Law and Security Review, Elsevier, 2009, 25 (2), pp.136-144. 〈10.1016/j.clsr.2009.02.010〉. 〈hal-00789915〉

Partager

Métriques

Consultations de la notice

240