In our daily life, large amounts of personal data are collected, stored and processed in enterprise systems. This is often done without our knowledge. The protection of these personal data has become a matter of concern for legislators, enterprises, and increasingly aware data subjects. The goal of this thesis is to investigate the use of a transparent privacy framework to enforce privacy policies in enterprise systems, and to establish a set of criteria for such a framework.
In this thesis, the concepts of privacy and privacy enhancing technologies (PETs) including the Enterprise Privacy Authorisation Language (EPAL) are discussed, the current legislation pertaining to privacy is presented, enterprise systems including the technology of web services are introduced, and a set of criteria is derived from a study of these concepts. Further, the development of a demo enterprise application system is presented and its integration with a transparent privacy framework for the enforcement of privacy policies in enterprise systems is discussed. The modifications to the framework necessary for this integration are also discussed. The results obtained from this integration are discussed, and analysed and evaluated with respect to this set of derived criteria.
These criteria imply that such frameworks must authenticate users and map system activities to purposes and privacy-relevant actions. Data subjects must be identified and personal policies handled. Privacy-relevant data categories of the enterprise must be identified, and context data must be received in order to evaluate conditions. Obligations that may follow from processing personal data should be implemented. These are all criteria for protecting the confidentiality and integrity of personal data, and this thesis has shown them to be difficult to implement in a transparent application framework. The results arrived at in this Master's thesis identify and highlight a number of challenges in the area of transparent privacy frameworks and make clear the need for further work on this subject.
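
The criteria listed above, sketched as an added example (not code from the thesis or from any EPAL tooling): a minimal EPAL-style decision function in which each request carries a user category, action, data category and purpose, a rule may evaluate a condition over context data, and a ruling returns obligations. All names, categories, the `subject_opted_in` context key and the sample policy are constructed assumptions; real EPAL is an XML language with category hierarchies that this sketch omits.

```python
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Request:
    user_category: str   # derived from the authenticated user
    action: str          # privacy-relevant action mapped from the system activity
    data_category: str   # enterprise data category of the item accessed
    purpose: str         # purpose mapped from the system activity
    context: dict = field(default_factory=dict)  # context data for conditions


@dataclass(frozen=True)
class Rule:
    ruling: str          # "allow" or "deny"
    user_category: str
    action: str
    data_category: str
    purpose: str
    condition: Callable[[dict], bool] = lambda ctx: True
    obligations: tuple = ()


# Constructed sample policy; rule order gives precedence (first match wins).
# "subject_opted_in" stands in for a data subject's personal policy choice.
POLICY = [
    Rule("deny", "marketing", "read", "contact-info", "direct-marketing",
         condition=lambda ctx: not ctx.get("subject_opted_in", False)),
    Rule("allow", "marketing", "read", "contact-info", "direct-marketing",
         obligations=("log-access",)),
    Rule("allow", "support", "read", "contact-info", "customer-service",
         obligations=("log-access", "delete-after-30-days")),
]


def decide(req: Request, policy=POLICY, default="deny"):
    """Return (ruling, obligations); a request matching no rule gets the default."""
    key = (req.user_category, req.action, req.data_category, req.purpose)
    for r in policy:
        if (r.user_category, r.action, r.data_category, r.purpose) != key:
            continue
        if r.condition(req.context):
            return r.ruling, r.obligations
    return default, ()
```

The caller, not `decide`, is responsible for carrying out the returned obligations, and every input field has to be supplied by the surrounding framework, which is where the criteria above place the difficulty.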