| Abstract |
Nowadays organizations that handle personal data need their IT systems to be compliant with privacy regulations which require personal data to be collected and processed only for specified, lawful and legitimate purposes. However, existing data protection mechanisms are not appropriate to fully comply with this principle: they are able to control who can access which data for which purpose, but not how the data are used once accessed. In this presentation an overview of my masterĀ“s thesis project will be presented. The objective of my project is to develop a formal framework which allows a system to verify that data are actually processed in ways that are consistent with the purposes for which data have been collected, thus detecting possible privacy infringements such as re-purposing.
|