[Venue link] (https://uwaterloo.ca/cybersecurity-privacy-institute/privacy-infrastructures-policy) Through recent years, much research has been conducted into processing privacy policies and presenting them in ways that are easy for users to understand. However, understanding privacy policies has little utility if the website’s data processing code does not match the privacy policy.

Existing systems in this area have been centred on ensuring compliance of internal software to access control policies. Such systems require trusting many components within the back-end machines and are not designed to provide a proof of compliance to an end user. In this talk, I will be presenting a brief overview of our design, named Mitigator, which is a system to enforce compliance of a website’s source code with a privacy policy model that addresses these two drawbacks of previous work. Specifically, Mitigator utilizes trusted hardware platforms to reduce the trusted computing base, and provides a cryptographic proof of compliance to an end user.