DRM (Digital Rights Management) techniques have been widely deployed in the digital world to enable only legitimate access to the intellectual property of rightholders. On the other hand customers require privacy, which creates a conflict with the currently deployed DRM systems that track consumer habits and personal information. However at a closer look we will realize that both DRM systems and privacy enhancing technologies share common goals.

Relationship: Privacy & DRM
DRM was invented by the content industries to manage rights to different intellectual properties, and to prevent consumers from illegal usage: e.g. consumers should only listen to music downloaded from on-line stores, they should not distribute the songs purchased. As the business incentive to enforce the interests of content publishers is strong, DRM systems nowadays use sophisticated cryptographic functions and are backed by legislation.

In order to compare them with privacy mechanisms later, let's draw up a simplified, common scheme of DRM systems: rightholders allow distributors (e.g. on-line stores) to control their intellectual property (e.g. songs). Distributors use DRM systems to protect the assets by means of secured databases and cryptographic algorithms. Rights on the items controlled are well defined: e.g. consumers who have paid may listen to the songs, radio stations may even broadcast them, but nobody may alter them.

On the other hand privacy is a key concern of consumers. Furthermore, in Europe, privacy is defined as a human right under Article 8 of the 1950 European Convention of Human Rights and Fundamental Freedoms (ECHR 1950) and it is addressed by Directive 2002/58/EC of the European Parliament and the Council (Directive 2002). Among others, the following privacy principles are defined: usage and disclosure limitation (i.e. data collectors and processors may only use personal information under certain conditions), retention (stored personal information has to be disposed of after a given time) or safeguards (stored and processed data has to be protected from illegitimate use).

As current practice shows, during the utilization of their protective functions DRM systems are regularly at odds with privacy principles: they collect different kinds of personal information about customers (ranging from identification data, such as names and credit card numbers, to access patterns and habits, like how many times a certain video has been watched). Currently privacy issues are handled by privacy policies, but as business is using technology to protect and manage its interests, consumers become also more and more keen on using technological means to achieve privacy.

Ultimately, and quite surprisingly, we have to realize that both issues (DRM and privacy) share some common functions: in either case some assets (e.g. songs or billing information) are controlled by third parties, and have to be protected by these third parties from illegitimate use. Furthermore in either case different access rights might be defined and specified (e.g. only listen to music for 30 days or a one year retention period for shipment data).

Privacy Rights Management
To define PRM, the similarities between DRM and privacy systems are further described: management by third parties, protection, and access rights. These make clear the basic functions of a PRM system which uses DRM techniques to manage personal information - according to the requirements of consumers and legal provisions.

Management by third parties In the DRM scenario control over intellectual property is entrusted to the distributors' DRM systems. The aim is to disseminate the property in a controlled fashion focusing on the interests of the rightholders (i.e. usage only if paid for). With privacy the scheme is similar. Personal information owned by a data subject is entrusted to data controllers (and indirectly to data processors). Data controllers need to comply with the privacy principles set out in the legal framework and the consumers' intents. This similarity illustrates why the two scenarios resemble each other in essence.
Protection In DRM systems assets are protected by several means: on the server side secured databases and controlled environments are used, whereas on the client side (i.e. the consumers’) special hardware and software techniques ensure that only legitimate usage is possible. On the other hand data controllers are implemented to protect managed personal information. Considering the common requirements, it is trivial to ask why the same DRM protection measures (e.g. encryption, protected content formats, controlled environment etc.) should not be used for personal information as well. For instance record stores offer songs in encrypted format that can only be decoded in special devices and only if required keys are present. The same technique could be used for private information as well: data controllers could also store data in such DRM-protected formats where access can be effectively restricted.
Access rights Finally to round up the whole scheme, in the DRM environment Rights Expression Languages (RELs, such as ODRL) are used to express what a consumer may perform with the property accessed (e.g. the REL describes that she may only listen to the song for 30 days). Such rights information is usually tightly attached to the protected format used to store the information. In the same manner access to the managed personal information also has to be controlled (by law and by the consumer), e.g. using RELs, the consumer may specify that, for instance, the provided e-mail address may be used to contact him by the data controller but it may not be handed over to other third parties (cf. the same restriction as purchased songs may not be shared with others).

Korba and Kenny (2002) propose the use of ODRL, the REL already used by different DRM systems, to express privacy expectations of consumers regarding personal information about them. In this way, with PRM, consumers could individually set their preferences against the different data collectors.

In current business models, however, companies use privacy policies to express how they process personal information. From this perspective the next step seems to be the uniformization of these privacy policies. The Platform for Privacy Preferences (P3P) Project, coordinated by the World Wide Web Consortium (W3C), aims to define a machine-readable language for formulating how a system processes private information. P3P is currently gaining momentum and seems to be becoming the standard used by companies.

It is not yet clear if these two approaches are at odds, vital questions can be raised however:

  • What if the preferences of the consumer are formulated stricter using PRM than in the P3P policy of a company? Could a compromise be achieved, and if so, how? Will the company accept the consumer's requirements, but raise the price?
  • What if the PRM's settings are more forgiving? Could the company create revenue from using more personal information and thus, eventually lower the price?

Further research and a better understanding of privacy and business models is needed to come up with the answers. A similar problem is explored by Rump & Barlas (2004) in their INDICARE Monitor article on bi-directional Rights Expression Languages.

Bottom line
By analyzing the core functions of DRM and privacy mechanisms, Korba and Kenny (2002) point out that although the anticipated conflict exists, ultimately both share common functions: management of assets by third parties, requirement for protection and restricted usage governed by issued rights. By combining both, a powerful synthesis, Privacy Rights Management can be constructed, using DRM techniques to protect both intellectual property and personal information with the same elaborate techniques. It remains to be seen if PRM defines the next evolutionary step of DRM systems.


About the author
Gergely Tóth is a PhD student at the Budapest University of Technology and Economics in the SEARCH Laboratory where he currently co-ordinates a research project about mobile payment solutions in connection with DRM. Besides Digital Rights Management his core interests include security and privacy. You can contact him at

Status: first published in INDICARE Monitor Vol. 1, No 4, 24 September 2004; licensed under Creative Commons