Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

A programming language for privacy policies

IBM this week announced the first computer language to provide businesses with a way to automate the enforcement of privacy policies among IT applications and systems. It will allow computers to understand the rules of a privacy policy.11 Jul 2003

IBM says its Enterprise Privacy Authorization Language (EPAL) is an important leap forward in privacy-enabling technology, giving developers the power to extend specific privacy rules across internal business systems then automate compliance to those rules.

EPAL is designed to make it easier for enterprises to translate their privacy policies into machine-readable descriptions of data handling procedures.

For instance, EPAL lets developers express a natural language statement such as "Members of the physician group can read protected health information for the purpose of medical treatment, only if the physician is the primary care physician and the patient or the patient's family is notified in advance" in a language that applications and privacy management tools can understand.

Current privacy specifications, such as the Platform for Privacy Preferences (P3P), which was released by the World Wide Web Consortium in April 2002, communicate privacy policies from business applications to consumer applications (for more on P3P, follow the link to our story of 17/04/2002 below).

EPAL goes one step further, providing an XML language that enables organizations to enforce P3P policies behind the web, among applications and databases. XML (Extensible Markup Language) is a flexible means of creating common information formats and share both the format and the data on the internet, intranets, and elsewhere.

"With EPAL, organisations finally have a sophisticated language to help automate the enforcement of the privacy policies they've put in place to protect consumer data," says Arvind Krishna, vice president of security products, Tivoli Software, IBM.

"With EPAL and other privacy innovations, developers can enhance consumer trust and better demonstrate how their organizations' privacy obligations are being kept."

By building enforcement into enterprise applications companies can automate tedious privacy management tasks. By automating these often laborious and complex business processes, companies can reduce costs and increase productivity, says IBM.

IBM plans to submit EPAL for standardisation within the next few months.

A draft specification of the language is currently available at:

More from