Holistic Collaborative Privacy Framework for Users' Privacy in Social Recommender Service

TL;DR

This paper presents a privacy-preserving framework for social recommender services that enables users to control their sensitive data while still benefiting from third-party recommendations, complying with privacy regulations.

Contribution

It introduces a collaborative privacy middleware with a two-stage concealment process that allows distributed data collection without compromising user privacy.

Findings

The framework effectively preserves user privacy during data collection.

It complies with OECD privacy principles.

The middleware integrates seamlessly with existing social recommender systems.

Abstract

The current business model for existing recommender services is centered around the availability of users' personal data at their side whereas consumers have to trust that the recommender service providers will not use their data in a malicious way. With the increasing number of cases for privacy breaches, different countries and corporations have issued privacy laws and regulations to define the best practices for the protection of personal information. The data protection directive 95/46/EC and the privacy principles established by the Organization for Economic Cooperation and Development (OECD) are examples of such regulation frameworks. In this paper, we assert that utilizing third-party recommender services to generate accurate referrals are feasible, while preserving the privacy of the users' sensitive information which will be residing on a clear form only on his/her own device. As a result, each user who benefits from the third-party recommender service will have absolute control over what to release from his/her own preferences. We proposed a collaborative privacy middleware that executes a two stage concealment process within a distributed data collection protocol in order to attain this claim. Additionally, the proposed solution complies with one of the common privacy regulation frameworks for fair information practice in a natural and functional way -which is OECD privacy principles. The approach presented in this paper is easily integrated into the current business model as it is implemented using a middleware that runs at the end-users side and utilizes the social nature of content distribution services to implement a topological data collection protocol.