Online personal data are rarely, if ever, effectively controlled by the users they concern. Worse, as demonstrated by the numerous leaks reported each week, the organizations that store and process them fail to adequately safeguard the required confidentiality. In this paper, we propose pdguard, a framework that defines prototypes and demonstrates an architecture and an implementation that address both problems. In the context of pdguard, personal data are always stored encrypted as opaque objects. Processing them can only be performed through the pdguard application programming interface (api), under data and action-specific authorizations supplied online by third party agents. Through these agents, end-users can easily and reliably authorize and audit how organizations use their personal data. A static verifier can be employed to identify accidental api misuses. Following a security by design approach, pdguard changes the problem of personal data management from the, apparently, intractable problem of supervising processes, operations, personnel, and a large software stack to that of auditing the applications that use the framework for compliance. We demonstrate the framework’s applicability through a reference implementation, by building a pdguard-based e-shop, and by integrating pdguard into the The Guardian newspaper’s website identity application.

中文翻译：

---

PDGuard：用于控制和安全处理个人数据的体系结构

在线个人数据很少（如果有的话）受到他们关注的用户的有效控制。更糟糕的是，如每周所报告的大量泄漏所表明的那样，存储和处理泄漏的组织未能充分保护所需的机密性。在本文中，我们提出了PDG uard，定义原型的框架和展示的架构和实施该地址这两个问题。在的上下文PDG uard，个人数据总是存储加密为不透明对象。处理它们只能通过进行PDG uard应用程序编程接口（API），由第三方代理商在线提供的数据和特定于操作的授权。通过这些代理，最终用户可以轻松可靠地授权和审核组织如何使用其个人数据。可以使用静态验证程序来识别意外的api滥用。继设计方法安全，PDG uard从改变个人数据管理的问题，显然，监管流程，操作人员的棘手的问题，以及大量的软件堆栈到审核使用了框架，合规的应用程序。我们证明框架的应用通过一个参考实现，通过建立PDG基于uard，电子车间，并通过整合PDG uard进入卫报的网站身份申请。