Intelligent Reactive Access Control for Moving Personal Data

In this paper, we conceptualize a growing problem of moving personal data ­ users' data can easily move from one communication channel to another, potentially causing various privacy issues. Once a user generates some content on the Internet, the data is largely "out of control" from a user's standpoint. We present a technical solution that aims to provide users control over their moving data. Our system builds upon the ideas of sticky policy, reactive access control, and privacy scores. Users can specify and enforce sticky policies of their data through data envelop plug-ins. The reactive access control mechanism allows people to request access to data on the fly, extending the predefined sticky policy mechanism to fit with the flexibility of people's everyday sharing practices. Finally, the privacy score helps the data owner make decisions about the requests by providing privacy risk assessment information about the requester.