12.16 Personal data management mechanism based on user's privacy preference
12.16.1 Description
Because the data collected by M2M platforms may include personal or sensitive information of data providers, access to such data should be controlled appropriately. This use case shows a data management mechanism based on the data provider's privacy preferences, implemented as a PPM (Privacy Policy Manager). Because access from application service providers to the data collected at the M2M service platform is controlled according to privacy preferences configured by the data providers, unnecessary and unwanted access to the collected data is blocked appropriately.
12.16.2 Source
REQ-2015-0576-Use case of PPM
12.16.3 Actors
- Front-end data-collection equipment (M2M devices): This actor collects various kinds of data and sends the data to a management platform. The collected data may include sensitive or private information of data providers.
- Management platform (M2M Service Provider's Platform): The management platform stores the data collected by M2M devices. It also has an authorization function that manages access control to the stored data.
- Data provider: A data provider is a user of services from application service providers. The user subscribes to services, and the management platform starts to collect data related to the user and its services. If a service requires personal information of a user, such data are collected by the management platform, so the user becomes the data provider. The data provided by the data provider may include sensitive or private information. The data provider can configure his/her privacy preference for the collected personal data. If the data provider does not wish to permit the application service provider to collect or access specific kinds of data, the data provider can configure the privacy preference of that service to control the data collection or access. The management platform controls the data collection from the M2M devices and the data access from the application service providers to the collected personal data based on the privacy preferences.
- PPM: A PPM function manages the privacy preferences of the data providers. The data providers configure their privacy preferences while subscribing to application services. The application service providers present to the data providers which kinds of data are collected and used by the application service, and the data providers configure their privacy preferences to give access permissions to several kinds of collected data. Although an application service provider may use many kinds of data from a data provider, the data provider can permit only a subset of the listed data by configuring the privacy preference for that application service. A PPM function also has a mechanism to record the usage of the collected data. When application service providers access the collected data of data providers, their accesses are logged to the PPM. If the data providers would like to review the past usage of their personal data, they can check it by accessing the PPM. The data provider can request the application service providers to delete the collected data based on the records in the access log.
- Application service providers: This actor provides many kinds of services to service users. When application service providers use the data stored in the management platform, they access the data via the authorization function. Because this function provides access control to the data, it asks the PPM and decides whether the application service provider has access permission to the requested data or not.
12.16.4 Pre-conditions
None
12.16.5 Triggers
- Service subscribing trigger: configuring privacy preference of data providers for each service
- Data collection trigger: collecting data at M2M modules
- Data access trigger: accessing collected data from application service providers
- Data usage reference trigger: reviewing the usage of collected data by application service providers
- Data deletion trigger: requesting deletion of accessed and stored data in application service providers
12.16.6 Normal Flow
The following normal flow is described based on a figure in High Level Illustration (Figure 12.16.9-1).
- a) Configuration of privacy preference by data provider
- When a user starts to subscribe to a service of an application service provider, the user checks the privacy policy of the service. The privacy policy explains what kinds of data will be accessed to provide the service. If the user permits the application service provider to access the data collected by the M2M management platform, the user becomes the data provider.
- The data provider can select, by using the PPM, the kinds of data that the application service provider can use. If the data provider does not wish to permit the application service provider to access specific kinds of data, the data provider can configure the privacy preference accordingly. In other words, because this access permission can be defined item by item, the data provider can restrict access to a part of the collected data.
- b) M2M data collection
- The M2M Service Provider's platform collects data related to the data providers by using M2M devices. In this phase, if the privacy preference in the PPM is configured appropriately, unwanted and unused data are not collected.
- c) M2M data access from application service providers
- When application service providers access the collected data in M2M Data, they do so through the M2M Service Provider's Platform. The authorization function in the platform controls access to the M2M Data based on the privacy preference stored in the PPM: it retrieves the privacy preference for the target data from the PPM.
- If the access is permitted, the target data are transferred to the application service provider. If the access is not permitted, the authorization function responds to the application service provider with an access-denied notification that includes the reasons.
- d) Traceability of personal data usage
- When application service providers access the collected data in M2M Data, every access and its result (access permitted, access denied) is recorded and stored at the PPM.
- If the data provider would like to check the status of data usage by application service providers, the data provider accesses the PPM. The data provider can see which application service provider accessed which kinds of collected data.
- If the data provider would like to delete collected data that were stored at an application service provider, the data provider can request that application service provider to delete the transferred data by specifying the access record in the PPM.
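The four phases above, walked through as a small simulation. This is an added example, not code from the use case or from any oneM2M implementation; the class and method names (PPM, ManagementPlatform, configure, access, usage_of, deletion_request), the data kinds and the provider and service names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class AccessRecord:
    asp: str          # application service provider that requested the data
    data_kind: str    # which kind of collected data was requested
    result: str       # "permitted" or "denied"
    reason: str = ""  # filled in on denial and returned to the ASP

class PPM:
    # Hypothetical Privacy Policy Manager: per-service preferences plus an access log.
    def __init__(self) -> None:
        self.preferences: Dict[Tuple[str, str], Set[str]] = {}  # (provider, asp) -> permitted kinds
        self.access_log: Dict[str, List[AccessRecord]] = {}
    def configure(self, provider: str, asp: str, listed: List[str], permitted: List[str]) -> None:
        # Phase a: the ASP lists the kinds it uses; the provider may permit only a subset of them.
        self.preferences[(provider, asp)] = set(permitted) & set(listed)
    def permitted_kinds(self, provider: str, asp: str) -> Set[str]:
        return self.preferences.get((provider, asp), set())
    def record(self, provider: str, rec: AccessRecord) -> None:
        self.access_log.setdefault(provider, []).append(rec)
    def usage_of(self, provider: str) -> List[AccessRecord]:
        # Phase d: the data provider reviews which ASP accessed what, and with which result.
        return list(self.access_log.get(provider, []))
    def deletion_request(self, provider: str, index: int) -> Tuple[str, str]:
        # Phase d: the provider names a logged access to ask that ASP to delete the transferred data.
        rec = self.access_log[provider][index]
        return rec.asp, rec.data_kind

class ManagementPlatform:
    # Hypothetical M2M Service Provider's Platform with its authorization function.
    def __init__(self, ppm: PPM) -> None:
        self.ppm = ppm
        self.m2m_data: Dict[str, Dict[str, str]] = {}
    def collect(self, provider: str, readings: Dict[str, str]) -> List[str]:
        # Phase b: store only kinds that at least one subscribed service is permitted to use.
        wanted = {k for (p, _), kinds in self.ppm.preferences.items() if p == provider for k in kinds}
        stored = self.m2m_data.setdefault(provider, {})
        stored.update({k: v for k, v in readings.items() if k in wanted})
        return sorted(stored)
    def access(self, asp: str, provider: str, data_kind: str) -> Tuple[str, str]:
        # Phase c: the authorization function asks the PPM before releasing any data.
        if data_kind in self.ppm.permitted_kinds(provider, asp):
            self.ppm.record(provider, AccessRecord(asp, data_kind, "permitted"))
            return "permitted", self.m2m_data.get(provider, {}).get(data_kind, "")
        reason = f"{data_kind} is not permitted by {provider}'s privacy preference for {asp}"
        self.ppm.record(provider, AccessRecord(asp, data_kind, "denied", reason))
        return "denied", reason
```

Note that a denial is logged just like a permitted access, so the data provider's usage view also reveals which services tried to reach data they were not granted.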
12.16.7 Alternative flow
None
12.16.8 Post-conditions
None
12.16.9 High Level Illustration
Figure 12.16.9-1 Overview of Personal Data Management mechanism using PPM
12.16.10 Potential requirements
- The M2M system shall support the capability of managing data collection and access to the collected data by using an authorization mechanism based on the privacy preference defined by the data provider, in order to avoid unnecessary and unwanted access to personal information.
- The M2M Service Provider's Platform system shall provide an interface that enables access control for the personal data of a data provider by using the access control policy that the data provider defines as a privacy preference.