Personalizing Access Control by Generalizing Access Control

We address the problem of providing data subjects with self-selected controls on access to their personal information. Existing approaches for this are not always sufficient in terms of offering the degrees of control and scope for individualization of access policies that are needed for personal data protection (and usage). We introduce a conceptual framework, a syntax, a semantics, and an axiomatization of a generalized form of access control meta-model, which may be specialized in various ways to enable data subjects to specify flexibly what access controls are to apply on their personal data.