A three-layered model to implement data privacy policies

An increasing number of business-to-business and business-to-customer services are accomplished by means of web technologies and mobile devices. As a consequence, sensitive data are continuously exposed to the risk of being delivered to final users or intermediary actors taking part to the data transactions, who could not have the proper access rights to obtain those data. These new generation of services are often characterized by high dynamism and untrustworthiness: existing technologies for managing and applying data privacy policies could be unsuccessful when dealing with this kind of contexts, as they could require too many resources, degrade the data quality to an unacceptable level, be too pervasive for data sources or data requestors. Moreover, industrial and research community is beginning to perceive the need to embed the mechanisms for preserving data privacy within the software product and process, as it comes to light from the recent literature. This paper proposes an approach to manage data privacy, inspired to the front-end trust filter paradigm, which aims at guaranteeing high flexibility, reducing the resources required, and limiting the pervasiveness into applications and devices involved into the data exchange. Our approach has the potential to curtail the change impact due to the dynamism and to foster the reuse of strategies, and their implementations, also across organizations.