{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:00:58Z","timestamp":1754157658500,"version":"3.41.2"},"reference-count":43,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2009,10,9]],"date-time":"2009-10-09T00:00:00Z","timestamp":1255046400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009,10,9]]},"abstract":"Purpose<\/jats:title>In order to enhance privacy protection during electronic transactions, the purpose of this paper is to propose, develop, and evaluate a personal data management framework called Polis that abides by the following principle: every individual has absolute control over his\/her personal data that reside only at his\/her own side.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>This paper identifies representative electronic transactions that involve personal data and proposes Polis\u2010based protocols for them. The approach is evaluated on a Polis prototype both as a stand\u2010alone application and as part of a commercial database management system.<\/jats:p><\/jats:sec>Findings<\/jats:title>The results of this paper indicate that electronic transactions can remain both feasible and straightforward, while personal data remain only at the owner's side.<\/jats:p><\/jats:sec>Research limitations\/implications<\/jats:title>This paper describes a Polis\u2010approach implementing prototype, which is easy to deploy and friendly to current information management technologies. However, the usability of the prototype has to be enhanced with supporting tools for editing personal data and policies and a more intuitive user interface. Finally, the Polis\u2010platform enables a new class of user\u2010centered distributed applications, which it intends to investigate.<\/jats:p><\/jats:sec>Practical implications<\/jats:title>Even though the conditions for a personal data management approach like Polis are mature, and Polis can be progressively adopted, it still entails a major change in current business practices.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>This paper proposes a new paradigm for the management of personal data, which admits individuals to have their personal data stored only at their own side. The new approach can be of mutual benefit to both individuals and companies.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220910993971","type":"journal-article","created":{"date-parts":[[2009,10,5]],"date-time":"2009-10-05T11:11:48Z","timestamp":1254741108000},"page":"311-329","source":"Crossref","is-referenced-by-count":8,"title":["Towards privacy in personal data management"],"prefix":"10.1108","volume":"17","author":[{"given":"Pavlos S.","family":"Efraimidis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Georgios","family":"Drosatos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fotis","family":"Nalbadis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aimilia","family":"Tasidou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022012720393870100_b1","doi-asserted-by":"crossref","unstructured":"Ackerman, M. (2000), \u201cThe intellectual challenge of CSCW: the gap between social requirements and technical feasibility\u201d, Human\u2010Computer Interaction, Vol. 15, pp. 179\u2010203.","DOI":"10.1207\/S15327051HCI1523_5"},{"key":"key2022012720393870100_b2","unstructured":"Acquisti, A. (2004), \u201cPrivacy and security of personal information: technological solutions and economic incentives\u201d, in Camp, J. and Lewis, R. (Eds), The Economics of Information Security, Kluwer, Boston, MA, pp. 165\u201078."},{"key":"key2022012720393870100_b3","unstructured":"Aggarwal, G., Bawa, M., Ganesan, P., Garcia\u2010Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D. and Xu, Y. (2005), \u201cTwo can keep a secret: a distributed architecture for secure database services\u201d, Proceedings of the 2005 CIDR (Conference on Innovative Data Systems Research) Asilomar, CA, USA, January 4\u20107, pp. 186\u201099."},{"key":"key2022012720393870100_b4","doi-asserted-by":"crossref","unstructured":"Agrawal, R., Kiernan, J., Srikant, R. and Xu, Y. (2002), \u201cHippocratic databases\u201d, VLDB '2002: Proceedings of the 28th International Conference on Very Large Data Bases, Hong Kong, China, August 20\u201023, pp. 143\u201054 (VLDB Endowment).","DOI":"10.1016\/B978-155860869-6\/50021-4"},{"key":"key2022012720393870100_b5","unstructured":"Anderson, R. (2007), \u201cUK government loses personal data on 25 million citizens\u201d, EDRI\u2010gram, No. 5.22."},{"key":"key2022012720393870100_b6","doi-asserted-by":"crossref","unstructured":"Bangerter, E., Camenisch, J. and Lysyanskaya, A. (2004), \u201cA cryptographic framework for the controlled release of certified data\u201d, in Christianson, B., Crispo, B., Malcolm, J. and Roe, M. (Eds), Security Protocols Workshop, LNCS, Vol. 3957, Springer, Berlin, pp. 20\u201042.","DOI":"10.1007\/11861386_4"},{"key":"key2022012720393870100_b7","unstructured":"Bohrer, K. and Holland, B. (Eds) (2000), Customer Profile Exchange (CPExchange) Specification, IDEAlliance, Arlington, VA, available at: www.idealliance.org\/cpexchange."},{"key":"key2022012720393870100_b8","doi-asserted-by":"crossref","unstructured":"Cha, S.\u2010C. and Joung, Y.\u2010J. (2003), \u201cFrom p3p to data licenses\u201d, Privacy Enhancing Technologies, 3rd International Workshop, PET 2003, Dresden, Germany, March 26\u201028, pp. 205\u201022.","DOI":"10.1007\/978-3-540-40956-4_14"},{"key":"key2022012720393870100_b9","unstructured":"ConsumerReports (2006), \u201cCR investigates: your privacy for sale\u201d, Consumer Reports, Vol. 71 No. 10, p. 41, available at: www.accessmylibrary.com\/coms2\/summary 0286\u201029062087 ITM."},{"key":"key2022012720393870100_b10","unstructured":"Crosby, J. (2008), \u201cChallenges and opportunities in identity assurance\u201d, Technical report, HM Treasury, London, available at: www.hmtreasury.gov.uk\/d\/identity assurance060308.pdf."},{"key":"key2022012720393870100_b11","doi-asserted-by":"crossref","unstructured":"Dingledine, R., Mathewson, N. and Syverson, P. (2004), \u201cTor: the second\u2010generation onion router\u201d, Proceedings of the 13th USENIX Security Symposium, San Diego, CA, August 9\u201013, p. 21.","DOI":"10.21236\/ADA465464"},{"key":"key2022012720393870100_b12","unstructured":"DISCREET (2008), \u201cDiscreet service provision in smart environments\u201d, FP6\u20102004\u2010IST\u20104 Contract No. 27679, available at: www.ist\u2010discreet.org\/."},{"key":"key2022012720393870100_b13","doi-asserted-by":"crossref","unstructured":"Efraimidis, P., Drosatos, G., Nalbadis, F. and Tasidou, A. (2008), \u201cTowards privacy in personal data management\u201d, Proceedings of the 2008 Panhellenic Conference on Informatics, IEEE Computer Society, Washington, DC, pp. 3\u20107.","DOI":"10.1109\/PCI.2008.11"},{"key":"key2022012720393870100_b14","unstructured":"Fahrmair, M., Sitou, W. and Spanfelner, B. (2005), \u201cSecurity and privacy rights management for mobile and ubiquitous computing\u201d, paper presented at the Workshop on UbiComp Privacy."},{"key":"key2022012720393870100_b16","unstructured":"Goldberg, I. (2007), \u201cPrivacy\u2010enancing technologies for the internet III: ten years later\u201d, in Acquisti, A., Gritzalis, S., Lambrinoudakis, C. and di Vimercati, S. (Eds), Digital Privacy: Theory, Technologies, and Practices, Ch. 1, Auerbach Publications, Taylor & Francis Group, London."},{"key":"key2022012720393870100_b15","unstructured":"Goldberg, I. (2000), \u201cA pseudonymous communications infrastructure for the internet\u201d, PhD thesis, University of California, Berkeley, CA."},{"key":"key2022012720393870100_b17","doi-asserted-by":"crossref","unstructured":"Golle, P., McSherry, F. and Mironov, I. (2006), \u201cData collection with self\u2010enforcing privacy\u201d, CCS '06: 13th ACM Conference on Computer and Communications Security, ACM, New York, NY, pp. 69\u201078.","DOI":"10.1145\/1180405.1180416"},{"key":"key2022012720393870100_b18","doi-asserted-by":"crossref","unstructured":"Gritzalis, S. (2004), \u201cEnhancing web privacy and anonymity in the digital era\u201d, Information Management & Computer Security, Vol. 12 No. 3, pp. 255\u201087.","DOI":"10.1108\/09685220410542615"},{"key":"key2022012720393870100_b19","doi-asserted-by":"crossref","unstructured":"Hong, J. (2005), \u201cAn architecture for privacy\u2010sensitive ubiquitous computing\u201d, PhD thesis, Computer Science Division, University of California, Berkeley, CA.","DOI":"10.1145\/990064.990087"},{"key":"key2022012720393870100_b20","unstructured":"J\u00e4appinen, P. (2004), \u201cME \u2013 mobile electronic personality\u201d, PhD thesis, Lappeen\u2010ranta University of Technology, Lappeenranta."},{"key":"key2022012720393870100_b21","unstructured":"Jentzsch, N. (2007), Theory of Information and Privacy, Springer, Berlin, pp. 7\u201059."},{"key":"key2022012720393870100_b22","unstructured":"Karjoth, G. and Schunter, M. (2002), \u201cA privacy policy model for enterprises\u201d, Proceedings of the 15th IEEE Computer Security Foundations Workshop, IEEE Computer Society, Washington, DC, pp. 271\u201081."},{"key":"key2022012720393870100_b23","doi-asserted-by":"crossref","unstructured":"Karjoth, G., Schunter, M. and Waidner, M. (2002), \u201cThe platform for enterprise privacy practices \u2013 privacy enabled management of customer data\u201d, 2nd Workshop on Privacy Enhancing Technologies (PET), Lecture Notes in Computer Science 2482, Springer, Berlin, pp. 69\u201084.","DOI":"10.1007\/3-540-36467-6_6"},{"key":"key2022012720393870100_b24","doi-asserted-by":"crossref","unstructured":"Katsikas, S., Lopez, J. and Pernul, G. (2005), \u201cTrust, privacy and security in e\u2010business: requirements and solutions\u201d, Proceedings of the 10th Panhellenic Conference on Informatics (PCI'2005), LNCS, Springer, Berlin, pp. 548\u201058.","DOI":"10.1007\/11573036_52"},{"key":"key2022012720393870100_b25","unstructured":"Kleinberg, J., Papadimitriou, C. and Raghavan, P. (2001), \u201cOn the value of private information\u201d, TARK: Theoretical Aspects of Reasoning About Knowledge, Vol. 8."},{"key":"key2022012720393870100_b26","doi-asserted-by":"crossref","unstructured":"Korba, L. and Kenny, S. (2003), \u201cTowards meeting the privacy challenge: adapting drm\u201d, Digital Rights Management, LNCS 2696\/2003, Springer, Berlin, pp. 118\u201036.","DOI":"10.1007\/978-3-540-44993-5_8"},{"key":"key2022012720393870100_b27","doi-asserted-by":"crossref","unstructured":"Laudon, K. (1996), \u201cMarkets and privacy\u201d, Commun. ACM, Vol. 39 No. 9, pp. 92\u2010104.","DOI":"10.1145\/234215.234476"},{"key":"key2022012720393870100_b28","unstructured":"Lederer, S., Hong, J., Dey, A. and Landay, J. (2005), \u201cPersonal privacy through understanding and action: five pitfalls for designers\u201d, Designing Secure Systems That People Can Use, pp. 421\u201045."},{"key":"key2022012720393870100_b29","doi-asserted-by":"crossref","unstructured":"Lee, H.\u2010H. and Stamp, M. (2008), \u201cAn agent\u2010based privacy\u2010enhancing model\u201d, Information Management & Computer Security, Vol. 16 No. 3, pp. 305\u201019.","DOI":"10.1108\/09685220810893234"},{"key":"key2022012720393870100_b30","doi-asserted-by":"crossref","unstructured":"Lioudakis, G., Koutsoloukas, E., Dellas, N., Tselikas, N., Kapellaki, S., Prezerakos, G., Kaklamani, D. and Venieris, I. (2007), \u201cA middleware architecture for privacy protection\u201d, Comput. Networks, Vol. 51 No. 16, pp. 4679\u201096.","DOI":"10.1016\/j.comnet.2007.06.010"},{"key":"key2022012720393870100_b31","doi-asserted-by":"crossref","unstructured":"Millett, L., Friedman, B. and Felten, E. (2001), \u201cCookies and web browser design: toward realizing informed consent online\u201d, SIGCHI Conference on Human Factors in Computing Systems, ACM, New York, NY, pp. 46\u201052.","DOI":"10.1145\/365024.365034"},{"key":"key2022012720393870100_b32","doi-asserted-by":"crossref","unstructured":"Mulligan, D. and Schwartz, A. (2000), \u201cYour place or mine?: Privacy concerns and solutions for server and client\u2010side storage of personal information\u201d, CFP '00: Proceedings of the 10th Conference on Computers, Freedom and Privacy, ACM, New York, NY, pp. 81\u20104.","DOI":"10.1145\/332186.332255"},{"key":"key2022012720393870100_b33","doi-asserted-by":"crossref","unstructured":"Palen, L. and Dourish, P. (2003), \u201cUnpacking \u2018privacy\u2019 for a networked world\u201d, CHI '03: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, New York, NY, pp. 129\u201036.","DOI":"10.1145\/642611.642635"},{"key":"key2022012720393870100_b34","unstructured":"Polis (2008), \u201cThe polis project\u201d, available at: http:\/\/polis.ee.duth.gr."},{"key":"key2022012720393870100_b35","unstructured":"PRIME (2008), \u201cPrivacy and identity management for Europe\u201d, EC Contract No. IST\u20102002\u2010507591, available at: www.prime\u2010project.eu\/."},{"key":"key2022012720393870100_b36","unstructured":"Rahm, E. and Do, H.H. (2000), \u201cData cleaning: problems and current approaches\u201d, IEEE Bulletin of the Technical Committee on Data Engineering, Vol. 23 No. 4."},{"key":"key2022012720393870100_b37","unstructured":"Reuters (2008), \u201cAxel Springer hit by new German data leak scandal\u201d, available at: www.reuters.com\/article\/internetNews\/idUSTRE49H1GH20081018."},{"key":"key2022012720393870100_b38","doi-asserted-by":"crossref","unstructured":"Salim, F., Sheppard, N. and Safavi\u2010Naini, R. (2007), \u201cEnforcing p3p policies using a digital rights management system\u201d, in Borisov, N. and Golle, P. (Eds), Privacy Enhancing Technologies, LNCS, Vol. 4776, Springer, Berlin, pp. 200\u201017.","DOI":"10.1007\/978-3-540-75551-7_13"},{"key":"key2022012720393870100_b39","doi-asserted-by":"crossref","unstructured":"Samuelson, P. (2000), \u201cPrivacy as intellectual property?\u201d, Stanford Law Review, Vol. 52, p. 1125.","DOI":"10.2307\/1229511"},{"key":"key2022012720393870100_b40","unstructured":"Tasidou, A., Efraimidis, P. and Katos, V. (2009), Technical Report LPDP\u20102009\u201001, Democritus University of Thrace, Komotini, available at: http:\/\/utopia.duth.gr\/\u223cpefraimi\/research\/data\/2009FairTrades.pdf."},{"key":"key2022012720393870100_b41","unstructured":"Varian, H. (1996), \u201cEconomic aspects of personal privacy\u201d, Privacy and Self\u2010Regulation in the Information Age, US Department of Commerce, Washington, DC."},{"key":"key2022012720393870100_b42","doi-asserted-by":"crossref","unstructured":"Vassiliadis, P., Simitsis, A. and Skiadopoulos, S. (2002), \u201cConceptual modeling for ETL processes\u201d, Proceedings of the 5th ACM International Workshop on Data Warehousing and OLAP, McLean, VA, November 8, ACM, New York, USA, pp. 14\u201021.","DOI":"10.1145\/583890.583893"},{"key":"key2022012720393870100_b43","unstructured":"W3C (2002), \u201cThe platform for privacy preferences 1.0 (p3p1.0) specification\u201d, available at: www.w3.org\/TR\/P3P."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220910993971","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220910993971\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220910993971\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:10Z","timestamp":1753402150000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/17\/4\/311-329\/179723"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,10,9]]},"references-count":43,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2009,10,9]]}},"alternative-id":["10.1108\/09685220910993971"],"URL":"https:\/\/doi.org\/10.1108\/09685220910993971","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2009,10,9]]}}}