Make your own free website on

Submitted this design for the 32nd All India Student’s Design Competition organized by National Design and Research Forum, Institute of Engineers (India), May 2001.


Design of a new Paradigm to encounter the Global Crisis of Data Privacy over the Internet







  Privacy is a fundamental human right recognized in all major international treaties and agreements on human rights. New technologies are increasingly eroding privacy rights. This includes online data transactions between Businesses and their Customers.

 The World Wide Web has become a marketplace, where information is shared, goods are offered and sold, and services are provided, often requiring people's personal information.

 Along with the benefits of revealing personal information, there is an increasing risk of people's privacy being violated, combined with a growing complexity of data privacy.

Whole industries and bureaucracies have formed solely to collect and distribute sensitive information that individuals once viewed as under their exclusive control: medical records, personal shopping habits, credit histories. Privacy is the number one concern of Internet users; it is also the top reason why non-users still avoid the Internet. 1

 This project introduces a reliable model to simplify online data transactions while enhancing a user's privacy protection.

 This paradigm represents a platform- and software-independent resolution towards better privacy protection on the Web, by reducing the complexity of online data transactions and helping the user to manage, transfer, and settle personal information on the Web.


1. Source:“CDT’s guide to Online privacy”, < >



 Problem Definition

Here we analyze the problem from various points of view. Any problem can only be systematically solved by careful scrutiny of the situation in the past, present and future.

We have to look into the subsequent implications:

Over the past decade, numerous surveys conducted around the world have found consistently high levels of concern about privacy. The more recent studies have found that this concern is as prevalent in the online environment as it is for physical-world interactions.

It is observed that1:

Despite this wide range of interests in privacy as a topic, we have little idea of the ways in which people in their ordinary lives conceive of privacy and their reactions to the collection and use of personal information.

 With this problem definition study, we have tried to better understand the nature of online privacy concerns; we look beyond the fact that people are concerned and attempt to understand what aspects of the problem they are most concerned about.

 User Demand Insight

What the user actually wants2:

  1. Anonymity: Internet users are more likely to provide information when they are not identified.
  2. Levels of Data privacy: Some types of data are more sensitive than others.
  3. Acceptance of the use of persistent identifiers varies according to their purpose.
  4. Better understandings of Data Collection: Internet users dislike automatic data transfer.
  5. Informed Communication: Internet users dislike unsolicited communications.
  6. Universal Governing Body: A joint program of privacy policies and privacy seals seemingly provides a comparable level of user confidence as that provided by privacy laws.


Technical Implications

As the software engineering community attempts to implement P3P or similar privacy protocols, one of the major issues will be the design of easy-to-use interfaces for users. Users would likely benefit from systems that assist them in identifying situations where a site's privacy practices is counter to their interest and assisting them in reaching agreement and exchanging data where such an interaction is acceptable to the user.

However, a user interface must not only present an extremely complex information and decision space, it must do so seamlessly and without a distracting interface3.

Automatic transfer of data and computerized negotiations with sites are unlikely to be interesting to most consumers.

Business Implication

The data from these studies suggest that a trust-enhancement approach is more effective. Trust can be enhanced by building a reputation for fairness, by communication information sharing policies up front and stressing the relational benefits, and by constantly informing the consumers of the organization's activities to serve them better 4.

Therefore a consortium be built that will foster proper use of their data and will ensure that no data is misused for any other illegitimate purpose.


Political Implication

The development of automatic data processing, which enables vast quantities of data to be transmitted within seconds across national frontiers, and indeed across continents, has made it necessary to consider privacy protection in relation to personal data. To prevent what are considered as violations of fundamental human rights, such as the unlawful storage of personal data, the storage of inaccurate personal data, or the abuse or unauthorized disclosure of such data.

On the other hand, there is a danger that disparities in national legislations could hamper the free flow of personal data across frontiers; these flows have greatly increased in recent years and are bound to grow further with the widespread introduction of new computer and communications technology. Restrictions on these flows could cause serious disruption in important sectors of the economy, such as banking and insurance.

Social and Ethical Implications

Customers are very concerned about the following points:

It is found that respondents cared a great deal about

Many people are unaware that others are using information services to make decisions about them. If data in a company's file comes from inaccurate public records or has been inaccurately transcribed, a consumer could be harmed.5

A statistical insight has to be taken into this universal crisis in order to go ahead with the designing.


1. Hine, Christine and Juliet Eve (1998). Privacy in the marketplace. The Information Society 14(4):253-262.

2. Beyond Concern: Understanding Net Users' Attitudes About Online Privacy <>

3. Ackerman, Mark S. and Lorrie Cranor. Privacy Critics: UI Components to Safeguard Users’ Privacy. Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI'99), short papers (v.2.), in press.

4. Milne, George R. and Maria-Eugenia Boza (September 1998). Trust and Concern in Consumers' Perceptions of Marketing Information Management Practices. Marketing Science Institute Working Paper Report No. 98-117.

5. Industry Responds To Online Community's Outrage Over Widespread Availability Of Personal Information ,Center for Democracy and Technology <>


 Astounding Figures

Excerpt from an online poll website3:

Have you personally ever been the victim of what you felt was an improper invasion of privacy, online or elsewhere?

Have been victim                     25%

Have not been victim               75%


Registering At Sites 4    

Four in five -- 82% -- are not at all comfortable with online activities being merged with personally identifiable information, such as "your income, driver's license, credit data, and medical status."

Customer Attitude towards information collection3:

Respondents were consistently less comfortable allowing a child to provide each of these types of information than they would be providing it themselves, with the biggest differences reported in the number of respondents who said they were always or usually comfortable with a child providing email address (16%) and age (14%).


  1. Source: Georgetown Internet Privacy Policy Survey, May, 1999,<>

  2. Source: AT&T Research, April 14, 1999 <>

  3. Source: BW/HARRIS POLL: ONLINE INSECURITY SURVEY of 999 adults, including 408 online users, conducted Feb. 18-23, 1998 for Business Week by Louis Harris & Associates Inc. and Alan Westin, publisher of Privacy & American Business.

  4. Source: Graphic, Visualization & Usability Center's (GVU) 6th WWW User Survey, <


Technical Initiatives

Technologies designed to meet the information needs of government and business and have effectively deprived private individuals of the power to control their personal information. In addition to facilitating the collection of detailed personal data, communication technologies have enabled collectors to share data between themselves for a wide range of purposes.

Platform for Privacy Preferences Project (P3P)1

On June 21, 2000, major Internet companies offered the first public demonstration of a new generation of Web-browsing software designed to give users more control over their personal information online. The new products are based on the Platform for Privacy Preferences Project (P3P), a set of software-writing guidelines developed by the World Wide Web Consortium (W3C), the standard-setting body for the Web.

P3P is designed to provide Internet users with a clear understanding of how personal information will be used by a particular Web site. Web site operators will be able to use the P3P language to explain their privacy practices to visitors.

Proxies and Firewalls

Proxies and firewalls are barriers between a computer and the Internet. Communications are only allowed under certain circumstances and certain types of communications can be blocked entirely.


The private sector has developed Internet tools that strip out personal information in order to protect user privacy.

International Agreements

National laws may be insufficient, on their own, to provide citizens with privacy protections across borders. Various international bodies, including the European Union and the Organization for Cooperation and Development, have developed privacy rules.

OECD Guidelines

In late 1980, the Organization for Economic Cooperation and Development issued a set of privacy guidelines. Albeit broad, the OECD guidelines set up important standards for future governmental privacy rules. These guidelines, while not enforceable, have influenced international agreements, national laws, and self-regulatory policies.

Industry Self-Regulation

Online Privacy Alliance (OPA)

The OPA, a group of more than 80 global corporations and associations, is committed to lead and support self-regulatory initiatives that create an environment of trust and that foster the protection of individuals' privacy online and in electronic commerce. The OPA identifies and advances online privacy policies across the private sector, supports the development and use of self-regulatory enforcement mechanisms and activities, as well as user empowerment technology tools designed to protect individuals' privacy, and supports compliance with and strong enforcement of applicable laws and regulations.

Network Advertisers Initiative (NAI)

The Initiative is committed to providing consumers with a clear explanation of what data the advertisers collect, how they use it, and why use of data can benefit consumers' experience online.


It can be found that the technical aspect of data privacy is so far handled by P3P and APPEL. These technological paradigms have their own confines and they will be discussed in the next section. In addition, Online Privacy Alliance has only set their policy and appliance of their policies is done by a meager number of companies. Since membership to this alliance is not obligatory, many businesses overlook their policies.


  1. CDT’s guide to Online Privacy, Chapter Three: Existing Privacy Protections <>



Besides privacy problems regarding legal protection, there are several other types of problems. During online transactions Web sites can gather a lot of information, which can be either personal information or information derived by tracking people's online activities. People are concerned about the privacy of such information because it is often difficult for them to learn about a Web site's information practices. Some Web sites have started publishing their privacy policies online but in a lot of cases people cannot find them, do not trust them, or simply do not understand them. Thus, people often do not know the consequences of releasing personal information.

It requires us to use all of the tools at our disposal -- international agreements, legislation, self-regulation, public education, and the technology itself -- to protect the right to privacy of Internet users.

 These are some of the targeted problems faced in the present era

 Customers are often unclear why and for what purpose a Web site collects personal information during an online transaction1. For example, it is not obvious why a Web site wants to collect a person's phone number while offering a subscription to a mailing list. One reason is that information such as this is very valuable to Web sites, especially to those who offer free Web services. The collected information can be used for advertising or marketing.

All of these problems indicate that people need help and better protection regarding privacy on the Web.


  1. How to manage, negotiate, and transfer personal information on the Web. <>



 The design implements the following set of principles in order to sustain data privacy:



This design demands an in-depth understanding of the whole issue and the players involved in it. These players can also be termed as ‘Existing Privacy Protectors’. They are as follows:


This design is a new paradigm and is composed of many components. These components are the various requirements that make data privacy free from discrepancy.  They are nothing but each of the players mentioned above. The only difference here is that they don’t act as independent domains but as one constituent of the architecture, with conceptual alterations.

The components of the model are as follows:

Figure1: Architecture of the proposed model


The customer is the primary source of information. This model assumes that the customer fill’s in valid data without maintaining any anonymity. This is done just to make the model simple and uncomplicated.


The Business taking part in this model may be of any sort unless and until they demand information from the customer through the Internet medium. The Business involved here has to be a registrant of the Online Privacy Alliance. This will guarantee Industry self-regulation.  Also unsolicited businesses like pornographic groups, buyers/sellers of illegal material etc. will be highly discouraged to join this forum.

The transaction is first initiated by the business in the form of HTML Form, Queries etc.

Transaction Walls

Transaction walls are proxy interfaces that will form as a hurdle before customer-related data reaches the business. The Transaction Walls are arranged in such a way that the most critical interfaces are first encountered. The various types of Transaction walls proposed are as follows:

1. Security Check: This Transaction Wall is the first and the most imperative type of blockage. The data entered from the user faces this check. Here the data is scanned and any personally identifiable data (rules are set to recognize data as personally identifiable data in P3P) is stopped (i.e. converted into a Data_Serial_No.) from further passage to the next walls.

The P3P and APPEL mechanism are brought into picture and they will only handle the exchange of data between the Transaction walls and the Customer, instead of Business and Customer. This will enable more control over the aims and application of P3P. P3P isn’t a success, as majority of business are not implementing this practice in their transactions. Now with the concept of walls, one can resourcefully execute P3P at the transaction wall level.

2. Policy Agreement: Here the policy agreement between the Customer and the business is confirmed. These Policies are the basis for current data protection and online privacy views, laws and practices. This policy has to be set-aside in common by an international body, so that every respective country abides by it and takes appropriate legal action.

3. OPA agreement: This is a self-regulatory step where every business if verified for OPA membership. For more preciseness of OPA policies, please refer back to the Present technology section.

4. Transborder Flow Agreement: The development of automatic data processing, which enables vast quantities of data to be transmitted within seconds across national frontiers, and indeed across continents, has made it necessary to consider privacy protection in relation to personal data. "Transborder flows of personal data" means movements of personal data across national borders


Issues involved in deciding the Transborder flow of data policy3:

If there is any error occurrence when the data flows through the transaction wall both the parties i.e., customer and the business have to be informed. The business has to be provided with more information about the error because that will help them rectify it.


Data Wallet Factory

The data hops from one wall to another before it finally reached the Data Wallet Factory. When in the process of reaching the factory, the data is encrypted using the Data Encryption Algorithm. The summary of the algorithm is given below:


Algorithm 1:

Analysis of Data Encryption Algorithm

1.   Valid data is received.

a.   Test whether the Personal identifiable Data is in Data_Serial_No. format or not.

                                                         i.      If No, then encrypt it into a Data_Serial_No.

// Data_Serial_No is the only uniquely //identifying field.

                                                     ii.      If Yes, then continue to the next step.

b.   Collect all the customer information and associate each data with the Field table.

// Field table links each filled field with the //standard Field titles. For e.g.:

// 1.à Age

       // 2.à Hobby etc 

c.   Store it into a data structure called data_package.

d.   Attach the date and time of the data transaction.

e.   Pass the data_package prefixed with the Data_Serial_No., date and time to the Data Wallet Factory.


2.   If valid data is not received, then inform the Customer and the Business about the aborted data transaction.

a.   Pass the error interrupt to the business for further rectification.

End of Data Encryption Algorithm


Data Wallet Factory

This is a mechanism where the raw data received is further simplified before it is converted into a Data Wallet. Data Wallet is nothing but an operation where data obtained from the Data Encryption Algorithm is classified systematically.

In the Data Wallet Factory, the security is optimum because it has to be sent to a data repository called Data Well Center. A copy of the data wallet is distributed to the Business and to the Data Well Center. The contents of a Data Wallet are shown below:

Figure 2:Data Wallet

The very essential element about Data Wallet is its first field, which specifies the destination of the Data Wallet. However, undercover this destination address is something called the Data Cease Algorithm.


Data Cease Algorithm

Taking into consideration the amount of data collected due to this system of data privacy, this algorithm came into being. If data is accumulated at the rate at which it is anticipated, then it is practically not feasible to have a data repository of this sort. Fundamentally speaking every customer data should have a life period. After the elapse of that life period, the data ought to be ceased.  No data will be made available after that period. This period is decided by the Other Businesses (it will be discussed later in this section.). Economically, the charges for data storage are directly dependent on the amount of time it has to be stored.


Algorithm 2:

Analysis of Data Cease Algorithm


1.   Receive the data_package.

2.   Categorize the Data based on type of Business and assign it category_no.

3.   Register the Data_Serial_No., category_no., Date, Time separately in a database.

4.   Get the Business life_period.

//life_period is the time the business needs an access to                //the data

5.   Based on the Business life_period calculate the Cease_date and Cease_time.

6.   Add Cease_date and Cease_time as new attributes to database.

7.   Send the Customer data to a separate database.

8.   Create a channel for the Business to use the customer information for a stipulated time.

9.   Keep a counter for the number of times the data is used.

10.Delete the data.

a.   If the Business has reached its maximum limit of data usage.

b.   If the life_period is over.

11.Update the database after deletion.

End of Data Cease Algorithm


Data Well Center

This is a universal organization, which has several functions in terms of Data Privacy and Issues. An analogy can be drawn between Data Well Center and ICANN as far as their functioning is concerned. They have to set the rules and operate accordingly. The various sub-components of Data Well Center are as follows:

Indirect Business

It is found in many cases that data once collected from a customer is sometimes sold/circulated to other Business organizations for marketing purposes. Therefore, it is observed that a communication is initiated by that Business with which you have no familiarity. This forms once reason why people hesitate to disclose their data. Such type of Business can be termed as Indirect Business, as they are not straightforwardly associated with the customer.

Thus, if we have a framework where even these Businesses professionally come forward and register their needs, then the mechanism of work is more transparent.  The center can extend their services at a cost thereby taking care of their infrastructure expenses.  Hence, it is apparent that even the demand of Businesses for Customer data is satisfied.



  1. Privacy and Human Rights, <>

  2. CDT’s guide to Online Privacy, Chapter Three: Existing Privacy Protections <>

  3. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data <>



 This model is an original design that integrates the present technology with future ideas. World Wide Web requires a global agreement in this issue. This debate has put E-Commerce and E-Business in jeopardy. This paradigm caters to all these issues thus setting a platform for safe, secure and protected data exchange between Businesses and their Customer.


The final test of this design is the liaison between Problem Demand-Aims and Objectives of the design-Design Concept. If this holds good for all cases then this design can be considered as competent. This table will decide whether the solution to the problem has been sort or not.


Problem Demand

Aims and Objectives

Design Concept


Data Application Limitation Principle

Security Check

Levels of Data privacy

Data Quality Principle

Transaction Walls and Data Encryption Algorithm

Understanding of Data Collection

Purpose Specification Principle

Data Well Center

Informed Communication

Candidness Principle

Transaction Walls

Legal Intervention

Security Safeguards Principle

Policy Agreement Transaction Wall

Universal Governing Body

Collection Constraint Principle

Data Well Center

Usage of the data

Data Application Limitation Principle

OPA agreement Transaction Wall


Security Safeguards Principle

Data Wallet Factory


Page Uploaded: 29th October 2001