Title of invention: Method for Insertion of Privacy Services into Web Pages that Collect Personal Information
Abstract: An approach for modifying a web page, which uses a form or forms to collect private data from the user, to insert into the web page source code instructions to invoke a multiplicity of web services for privacy purposes prior to the delivery of the page to the client browser and for delivery of privacy-related information to the servers of the organization that is using the form to collect private data from the user. As one example, instructions are inserted into the web page source code to invoke a web service to show notice to the user that private data will be collected and seek consent from the user on the collection and use of private data. As another example, instructions are inserted into the web page source code to invoke a web service to authenticate the user. As another example, instructions are inserted into the web page source code to invoke a web service to ensure that communication with the client requesting the page is over a secure communication channel. As another example, instructions are inserted into the web page source code to invoke a web service to ensure that private data collected from the client user are de-identified. As another example, instructions are inserted into the web page source code to invoke a web service that delivers the consent from the user on collection of private data to the servers of the organization that is using the web page to collect the private data.
As another example, instructions are inserted into the web page source code to invoke a multiplicity of web services that perform privacy functions and, furthermore, a web service that is invoked due to insertion of instructions by the method of invention may perform a multiplicity of privacy functions—it may: ensure that communication with the client system is over a secure communication channel; and/or authenticate the client user; and/or show notice to the client user that private data will be collected; and/or obtain consent from the user for collection of private data; and/or de-identify particular private data elements. As one example of application of the proposed method, the page modified by the method of invention replaces the original web page, and any subsequent request by a user browser to download the page, which collects private data from the user, results in downloading the page that was modified by the proposed method of invention. As another example of application of the proposed method, each time the web page, which collects private data from the user, is requested by a user browser for download, the proposed method is applied to the web page and it is the modified page that is delivered to the user browser as a result of its request for the page.
Application publication number: US2016292457(A1) Publication date: 2016.10.06
Application number: US201514678933 Filing date: 2015.04.04
Applicant: Bodorik Peter;Jutla Dawn Natalie Inventor: Bodorik Peter;Jutla Dawn Natalie
Classification: G06F21/62;H04L29/06;G06F21/10;H04L29/08 Main classification: G06F21/62
Agency: Agent:
Main claim: 1. A method of inserting into a web page, which collects private data from the client user using a form or forms on a web page, invocation of multiplicity of web services for privacy purposes, the method comprising: examining the web page for the presence of a form that collects data from the user, modifying the web page to invoke multiplicity of web services, when user first uses a form that collects private data, for privacy functions including, but not restricted to, showing to the user private notice, showing to the user legal notice, presenting consent options, collection of consent and storage of consent within the form, authentication; and examining a form, which collects private data from the user, for input construct including but not restricted to a shown button on the form that is used to submit the data collected by the form by delivery to a server, and modifying the script associated with the input construct to invoke multiplicity of web services for privacy purposes including, but not restricted to, secure data transfer, de-identification of specified personal data elements input using the form, and optional delivery of the consent obtained from the user to a server delivery of consent obtained from the user to a server.
Address: Halifax CA
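
The two steps of claim 1 (find forms that collect private data, then hook first use and the submit control) can be illustrated with the Python example below, which is added here and is not code from the patent or its applicants. The service URL, the `data-privacy-*` attribute names, the field-name heuristics and the sample page are all assumptions; a client script loaded from the hypothetical URL would be what reads the attributes and calls the privacy services.

```python
from html.parser import HTMLParser

# Assumptions, not from the patent: service URL, attribute names, heuristics, sample page.
PRIVACY_JS = '<script src="https://privacy.example/gate.js"></script>'
ON_FIRST_USE = ' data-privacy-first-use="notice consent authenticate"'
ON_SUBMIT = ' data-privacy-submit="secure-transfer de-identify deliver-consent"'
PRIVATE_TYPES = {"email", "password", "tel"}
PRIVATE_HINTS = ("name", "mail", "phone", "address", "birth", "ssn")
SAMPLE = """<html><body><form action="/search"><input name="q"></form>
<form action="/signup" method="post"><input type="email" name="email">
  <input type="submit" value="Join" /></form></body></html>"""

class FormScanner(HTMLParser):  # locates private-data forms and the offsets to patch
    def __init__(self, html):
        super().__init__()
        self.starts = [0] + [i + 1 for i, c in enumerate(html) if c == "\n"]
        self.forms, self.current = [], None
        self.feed(html)
        self.close()

    def _attr_slot(self):  # absolute offset just before the tag's ">" or "/>"
        (line, col), raw = self.getpos(), self.get_starttag_text()
        end = self.starts[line - 1] + col + len(raw)
        return end - (2 if raw.endswith("/>") else 1)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.current = {"form_at": self._attr_slot(), "private": False}
            self.forms.append(self.current)
        elif self.current is not None and tag in ("input", "button", "textarea", "select"):
            kind = a.get("type", "submit" if tag == "button" else "text")
            if kind == "submit":  # only the first submit control is hooked
                self.current.setdefault("submit_at", self._attr_slot())
            elif kind in PRIVATE_TYPES or any(h in a.get("name", "") for h in PRIVATE_HINTS):
                self.current["private"] = True

    def handle_endtag(self, tag):
        self.current = None if tag == "form" else self.current

def insert_privacy_services(html):
    """Return (modified_html, number_of_forms_modified)."""
    forms = [f for f in FormScanner(html).forms if f["private"]]
    edits = [(f["form_at"], ON_FIRST_USE) for f in forms]
    edits += [(f["submit_at"], ON_SUBMIT) for f in forms if "submit_at" in f]
    for pos, text in sorted(edits, reverse=True):  # back to front keeps offsets valid
        html = html[:pos] + text + html[pos:]
    if forms:  # load the (hypothetical) privacy client once, before </body> if present
        at = html.lower().rfind("</body>")
        html = html[:at] + PRIVACY_JS + html[at:] if at >= 0 else html + PRIVACY_JS
    return html, len(forms)
```

Calling `insert_privacy_services(SAMPLE)` leaves the search form untouched and patches only the signup form, which is the selectivity the claim's "examining the web page" step implies.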