Messaging with Purpose Limitation -- Privacy-Compliant Publish-Subscribe Systems
This work addresses privacy compliance for data-in-transit in enterprise systems, focusing on a previously underexplored area, though it is incremental as it builds on existing purpose-based access control concepts.
The paper tackles the challenge of applying purpose limitation to data-in-transit in publish-subscribe systems, introducing a proof-of-concept implementation that extends an MQTT broker to address privacy compliance in enterprise IoT and event-driven architectures.
Purpose limitation is an important privacy principle to ensure that personal data may only be used for the declared purposes it was originally collected for. Ensuring compliance with respective privacy regulations like the GDPR, which codify purpose limitation as an obligation, consequently, is a major challenge in real-world enterprise systems. Technical solutions under the umbrella of purpose-based access control (PBAC), however, focus mostly on data being held at-rest in databases, while PBAC for communication and publish-subscribe messaging in particular has received only little attention. In this paper, we argue for PBAC to be also applied to data-in-transit and introduce and study a concrete proof-of-concept implementation, which extends a popular MQTT message broker with purpose limitation. On this basis, purpose limitation as a core privacy principle can be addressed in enterprise IoT and message-driven integration architectures that do not focus on databases but event-driven communication and integration instead.