Towards a Purpose-Based Access Control Model Derived from the Purpose Limitation Principle

Authors	M.G. Kebede T. van Binsbergen T. van Engers D.G. van Vuurden
Publication date	2023
Host editors	G. Sileno J. Spanakis G. van Dijck
Book title	Legal Knowledge and Information Systems
Book subtitle	JURIX 2023: The Thirty-sixth Annual Conference, Maastricht, the Netherlands, 18-20 December 2023
ISBN	9781643684727
ISBN (electronic)	9781643684734
Series	Frontiers in Artificial Intelligence and Applications
Event	36th International Conference on Legal Knowledge and Information Systems, JURIX 2023
Pages (from-to)	143-148
Number of pages	6
Publisher	Amsterdam: IOS Press
Organisations	Faculty of Science (FNWI) - Informatics Institute (IVI) Faculty of Law (FdR) - Leibniz Center for Law (FdR)
Abstract	The purpose limitation principle is a GDPR cornerstone that aims to minimize data processing risks by limiting instances of personal data access and usage. We model purpose as an action or sequences of actions and formalize action relationships to derive purpose-based permissions. Based on these permissions, we introduce a novel purpose-based access control model with a purpose matching algorithm illustrated with a healthcare research use case.
Document type	Conference contribution
Language	English
Published at	https://doi.org/10.3233/FAIA230958
Other links	https://www.scopus.com/pages/publications/85181168815
Downloads	FAIA-379-FAIA230958-1 (Final published version)
Permalink to this page

Back

UvA-DARE