PRECIOSA has assembled a glossary of terms relevant to the project objectives.  They are presented here in two sections:

Glossary of Privacy Terminology






Access control
Access control ensures that resources are only granted to those users who are entitled to them.[1]
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.[2]
A malicious entity whose aim is to launch security or privacy attacks on the system.
Anonymity of a subject means that the subject is not identifiable within a set of subjects, the anonymity set.[3] The degree of anonymity depends on the size of the anonymity set.
The state of having anonymity.
An adversary involved in an actual attack.
Audit trail
A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period.[2]
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.[2]
The approval, permission, or empowerment for someone or something to conduct certain activities in a system.



A temporary storage of data.
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.[2]
Any freely given, specific and informed indication of the wishes of a data subject, by which he/she agrees to personal data relating to him/her being processed.[4]


Data aggregation
The practice of collecting data from various sources and putting them together. In practice, data can be aggregated multiple times.
Data controller
The person or administrative entity that determines the purposes and means of the processing of personal data on behalf of an institution or body.[4]
Data flow
see "Information flow"
Data privacy
see "Information privacy"
Data protection
The prevention of misuse of information stored on computers, particularly information about individual people.
Data Protection Directive 95/46/EC
The centrepiece legislation at EU level in the field of data protection. Full name is "Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data", also known as "Data Protection Directive".[4]
Data quality
Acceptable standard of accuracy of personal data.
Data retention
see "Retention"
Data security
Appropriate technical and organisational measures to ensure an appropriate level of security in relation to the risks represented by the processing and the nature of the personal data to be protected.[4] 
Data subject
The person whose personal data are collected, held or processed.[4]
Data transfer
Data transfer refers to the transmission / communication of data to a recipient in whatever way.[4]

Digital Privacy Protection (DPP)[5]

Concept from the PRECIOSA Privacy-enforceable Runtime Architecture where Trusted Computing components are used to establish remote trust to other systems to ensure that privacy policies are enforced also on such remote systems.
A data subject who submits data related to itself to the system.






A symbol or a set of symbols of a subject which refers to a concept allowing to distinguish it from others in a specific scope. This could be a name which is imposed by a third party.[6]
An identity is any subset of attributes of an individual person which sufficiently identifies this individual person within any set of persons.[3]
ID management
see "Identity management"
Identity management
Managing various partial identities (usually denoted by pseudonyms) of the individual, i.e. administration and design of identity attributes as well as choice of the partial identity and pseudonym to be (re-)used in a specific context or role. Establishment of reputation is possible when the individual re-uses partial identities. A prerequisite to choose the appropriate partial identity is to recognize the situation the person is acting in.[3]
Information flow
The process of information transfer in a system.
Information flow view[5]
A technique to follow the information flow in a system to identify privacy vulnerabilities and analyze the effectiveness of a given privacy-protection mechansim.
Information privacy
The relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.[7]
A living person.




Location privacy
The ability to control the access to location information related to an individual.
Logical function view[5]
A conceptual representation of the system architecture of cooperative ITS according to the logical functionalities of the system components, regardless of their actual hardware implementations.


Mandatory Privacy Control (MPC)[5]
The enforcement of privacy policies on a mandatory level. The term makes a reference to Mandatory Access Control.



The policy of openness about developments, practices and policies with respect to personal data.


see "Individual"
Personal data
Any information relating to an identified or identifiable natural person, referred to as "data subject" - an identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.[4]
Personal information
see "Personal data"
Personal information controller
The entity or organization that controls the collection, holding, processing or use of personal information.
Personally Identifiable Information (PII)
see "Personal data"
Position sample
see "Location sample"
Privacy is the ability of an individual to be left alone, out of public view, and in control of information about oneself. One can distinguish the ability to prevent intrusion in one's physical space ("physical privacy", for example with regard to the protection of the private home) and the ability to control the collection and sharing of information about oneself ("informational privacy"). The concept of privacy therefore overlaps, but does not coincide, with the concept of data protection.[4]
Privacy by design
To build privacy and data protection up front, into the design specifications and architecture of information and communication systems and technologies, in order to facilitate compliance with privacy and data protection principles.[4]
Privacy Enhancing Technologies (PETs)
A coherent system of information and communication technology (ICT) measures that protect privacy by eliminating or reducing personal data or by preventing unnecessary and/or undesired processing of personal data, all without losing the functionality of the information system. [4]
Privacy rules
see "Privacy policy" [8]
Privacy policy
Privacy policy refers to a legal declaration made by an organization regarding the process, disclose, retentions, and purge of personal information. Privacy policy may also refers to a set of rules that specify how personal data are processed and used in a computer system.
Privacy preferences
Preferences specified by a user that express the desired degree of privacy, either in terms of the whole system, specific for certain applications, or certain kinds of data items. Privacy preferences have to be translated into privacy policies.
Privacy meta model[5]
The ontology used to construct and define constructs and rules needed for creating semantically consistent models of privacy-friendly cooperative ITS.
Privacy Control Monitor (PCM)[5]
A system component in the PRECIOSA Privacy enforcing Runtime Architecture that verifies policy compliance for every data access and either grants or denies it. The term is a reference to Access Control Monitor in traditional access control systems.
Privacy enforceable design-time architecture[5]
A conceptual definition of the structure and behavior of cooperative ITS used in the design of privacy-friendly ITS.
Privacy-enforceable Run-time Architecture (PeRA)[5]
Runtime part of the PRECIOSA Privacy-verifiable Architecture that implements the Policy Enforcement Perimeter using Mandatory Privacy Control and Digital Privacy Protection.
Private data
see "Personal data"
Private information
see "Personal data"
A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.[4]
A pseudonym is an identifier of a subject other than one of the subject’s real names.
Pseudonymity is the use of pseudonyms as identifiers.



A natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients.[4]
All obligations on the part of controllers to retain personal data for certain purposes.[4]
Right of access
The right for any data subject to obtain from the controller of a processing operation the confirmation that data related to him/her are being processed, the purpose(s) for which they are processed, as well as the logic involved in any automated decision process concerning him or her.[4]
Right of information
The right to know that their personal data are processed and for which purpose.[4]
Right of rectification
The right to obtain from the controller the rectification without delay of inaccurate or incomplete personal data.[4]
Right to object
First,it is the general right of any data subject to object to the processing of data relating to him or her, except in certain cases such as a specific legal obligation. Second, it refers to the specific right of any data subject to be informed, free of charge, before personal data are first disclosed to third parties or before they are used on their behalf for the purposes of direct marketing, and to object to such use without justification.[4]
Run-time architecture
The structure and behavior of a system in run time.


Security safeguards
Safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
Sensitive data
Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.[4]
Sensitive information
see "Sensitive data"


Third party
A natural or legal person, public authority, agency or body, other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor are authorised to process the data.[4]
The path revealing a vehicle's movement in space and time.
The path a vehicle follows through space.


Undetectability of an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficiently distinguish whether it exists or not.
Unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these IOIs are related or not.
see "Undetectability"
Untraceability aims at making it difficult for the adversary to identify that a given set of actions were performed by the same subject.







  1. Glossary of Terms Used in Security and Intrusion Detectin, SANS
  2. Glossary of Key Information Security Terms , National Institute of Standards and Technology (NIST)  
  3. Privacy and Data Security Terminology, TU Dresden Faculty of Computer Science, Institute of Systems Architecture
  4. Personal Data Protection Glossary, EDPS: European Data Protection Supervisor
  5. PRECIOSA terminology
  6. PRIME Framework version 3 , Privacy and Identity Management for Europe (PRIME)
  7. Information Privacy, from Wikipedia
  8. Managing Privacy: Information Technology and Corporate America, H. Jeff Smith

Copyright 2015 PRECIOSA.