Authorisation and access control architecture as a framework for data and privacy protection
Subhashis Banerjee

TL;DR
This paper proposes a framework emphasizing architecture for authorization, audit, and access control to enhance privacy protection in digital databases, moving beyond traditional privacy laws and infringement detection methods.
Contribution
It introduces a novel architecture-based approach for data and privacy protection, focusing on real-time access control and enforcement mechanisms.
Findings
Architecture-based framework improves privacy enforcement
Real-time access control enhances data security
Traditional laws are insufficient without architectural support
Abstract
Privacy protection in digital databases does not demand that data should not be collected, stored or used, but that there should be guarantees that the data can only be used for pre-approved and legitimate purposes. We argue that a data protection law based on traditional understanding of privacy protection and detection of privacy infringements is unlikely to be successful, and that what is required is a law based on an understanding of the architectural requirements of authorisation, audit and access control in real-time. Despite the protection principles being sound, privacy protection in digital databases has been less than effective, anywhere, mainly because of weak enforcement methods.
Taxonomy
Topics: Privacy, Security, and Data Protection · Access Control and Trust · Privacy-Preserving Technologies in Data
