Ensuring privacy for buyer-seller e-commerce

Abstract

The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services and the increasing regulatory and legal requirements for personal privacy have fueled the need to protect the personal privacy of e-service users. Existing approaches for privacy protection such as the use of pseudonym technology, and personal privacy policies along with appropriate compliance mechanisms are predicated on the e-service provider having possession and control over the user's personal data. In this paper, we propose a new approach for protecting personal privacy in buyer-seller e-commerce: keeping possession and control over the buyer's personally identifiable information in the hands of the buyer as much as possible, with the help of a smart card and a trusted authority. Our approach can also be characterized as distributing personally identifiable information only on a "need to know" basis. © 2006 International Federation for Information Processing.