Why Adopting Privacy Enhancing Technologies (PETs) Takes so Much Time

  • John J. Borking


Article 17 (1) of the Directive 95/46/EC (DPD) requires that the controller must implement appropriate technical and organizational measures to protect personal data. ICT offers solutions in the shape of privacy protection for users, consumers and citizens. The application of ICT to protect privacy has become widely known under the name Privacy-Enhancing Technologies (PET or PETs). This paper tries to explain what factors influence the adoption of privacy enhancing technologies (PETs). This research question first explores whether PETs is an innovation. It then applies Roger’s theory on the diffusion of innovation on PETs. Conceptual models are presented on the main factors of adoption of PETs and the necessary maturity of an organization before adoption of PETs can occur. The paper points out that a positive business case for the economic justification of investments in PETs is needed before a positive decision on the investment will be taken.


Cash Flow Personal Data Privacy Protection Privacy Risk Security Investment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Andriessen, V. “Nederlandse Internetzoekmachine Ixquick ontvangt eerste Europese privacycertificaat.” In Het Financieele Dagblad,15 juli 2008.Google Scholar
  2. Bayer, J., and N. Melone. “A Critique of Diffusion Theory as a Managerial Framework for Understanding Adoption of Software Engineering Innovations.” The Journal of Systems and Software 9, 2 (1989): 161–166.CrossRefGoogle Scholar
  3. Blakley, B., E. McDermott, and D. Geer. Information management is Information Risk Management. in Proceedings NSPW’01, Cloudecroft, New Mexico, 2002.Google Scholar
  4. Borking, J. “The Status of Privacy Enhancing Technologies.” In Certification and Security in E-Services. E. Nardelli, S. Posadziejewsji, and M. Talomo. Boston, MA: Kluwer Academic Publishers, 2003, p. 223.Google Scholar
  5. Borking, J.J. “Assessing investments mitigating privacy risks.” In Het binnenste buiten, Liber Amicorum ter gelegenheid van het emeritaat van prof. dr. H.J. Schmidt, hoogleraar Recht en Informatica te Leiden, edited by L. Mommers, H. Franken, J. Van den Herik, F. Vander Klauw, and G-J. Zwenne. Leiden: Leiden University Press, 2010.Google Scholar
  6. Borking, J.J. “The Business Case for PET and the EuroPrise Seal,” Report for EuroPrise EU Research project on Privacy Seals 2008;
  7. Borking, J.J.F.M. Privacyrecht is Code, Over Het Gebruik van Privacy Enhancing Technologies. Deventer: Kluwer, 2010.Google Scholar
  8. Bos, Tj. Adoptie van privacy-enhancing technologies bij publiek/private instellingen. Den Haag: Ministerie van Binnenlandse Zaken, 2006.Google Scholar
  9. Camp, L.J., and C. Wolfram. Pricing Security. in Proceedings of the CERT Information, Survivability Workshop, Kluwer Academic Press, Boston MA, 2000.Google Scholar
  10. Cardholm, L. Adding Value to Business Performance Through Cost Benefit Analyses of Information Security Management, Thesis, Gävle, 2006.Google Scholar
  11. Cas, J., and Ch. Hafskjold. Access in ICT and Privacy in Europe, Experiences from technology assessment of ICT and Privacy in seven different European countries. Geneva: EPTA, 2006, p. 41.Google Scholar
  12. Chapman, S., and G.S. Dhillon. Privacy and the Internet: The Case of DoubleClick, Inc. – Social Responsibility in the Information Age: Issues and Responsibilities. XXX, Fort Lauderdale-Davie, 2002.Google Scholar
  13. Communication from the Commission to the European Parliament and the Council on Promoting Data Protection by Privacy Enhancing Technologies (PETs), COM (2007) 228 Final, Brussels, 2.5.2007.Google Scholar
  14. Davenport, Th.H. Process Innovation – Reengineering work through Information Technology. Boston, MA: Havard Business School Press, 1993.Google Scholar
  15. Fagerberg, J. et al. The Oxford Handbook of Innovation. New York: Oxford University Press Oxford, 2005.Google Scholar
  16. Fairchild, A., and P. Ribbers. “Privacy-Enhancing Identity Management in Business.” In Privacy and Identity Management for Europe, edited by J. Camenish, R. Leenes, and Sommer, D. Report for the EU Commission X, Brussels, 2008, pp. 69–100.Google Scholar
  17. Fichman, R.G. Information Technology Diffusion: A Review of Empirical Research. in Proceedings of the Thirteenth International Conference on Information Systems (ICIS), Dallas, (1992), pp. 195–206.Google Scholar
  18. Greenhalgh, T., et al. “Diffusion of innovations in service organizations: Systematic review en recommendations.” The Milbank Quarterly 4 (2004): 581–629.Google Scholar
  19. Hahn, U., K. Askelson, and R. Stiles. Managing and Auditing Privacy Risks, ltamonte Springs, 2008
  20. Hes, R., and J. Borking. Privacy Enhancing Technologies: The Path to Anonymity (2nd revised edition). Report from the Dutch Data Protection Authority AV no. 11 Den Haag, 2000.Google Scholar
  21. Jeyaraj, A., J.W. Rottman, and M.C. Lacity. “A review of the predictors, linkages, and biases in IT innovation adoption research.” Journal of Information Technology 21, 1 (2006): 1–23.CrossRefGoogle Scholar
  22. Koorn, R., H. Van Gils, J. Ter Hart, P. Overbeek, P. Tellegen, and J. Borking. Privacy Enhancing Technologies – Witboek voor Beslissers; (Whitebook for Decision Makers – Ministry of Internal Affairs and Kingdom Relations) Den Haag, 2004.Google Scholar
  23. Leisner, I., and J. Cas. Convenience in ICT and Privacy in Europe, Experiences from technology assessment of ICT and Privacy in seven different European countries. Geneva: EPTA, 2006, p. 50.Google Scholar
  24. OECD Organization for Economic Co-operation and Development, Oslo Manual: Guidelines for Collecting and Interpreting Innovation Data, 3rd edition, 2005. Available at:
  25. PRIME, acronym for project name: Privacy and Identity Management for Europe, Contract No. 507591 Research period 2004–2008Google Scholar
  26. Privacy Rights Clearinghouse: A Chronology of Data Breaches. 2007. Available at:
  27. Rivera, M.A., and E.M. Rogers. “Evaluating public sector innovation in networks: extending the reach of the national cancer institute’s web bases health communication intervention research initiative.” The Innovation Journal: The public Sector Innovation Journal 9, (2004): 1–5.Google Scholar
  28. Rogers, E.M. Diffusion of Innovations. New York: Simon & Schuster, 2003.Google Scholar
  29. Smit, N. A maturity Model. Zoetermeer: EUR, 2005.Google Scholar
  30. Sommer, D. “The PRIME Architecture.” In Privacy and Identity Management for Europein, edited by J. Camenish, R. Leenes, and D. Sommer. Report for the EU Commission, Brussels, 2008.Google Scholar
  31. Sonnenreich, W., J. Albanese, and B. Stout. “Return on Security Investment (ROSI) A practical approach.” Journal of Research and Practice in Information Technology 38, 1, (Feb. 2006).Google Scholar
  32. Tidd, J., et al. Managing Innovation: Integrating Technological, Market and Organizational Change, Chichester: Wiley, John & Sons, Incorporated, 2005.Google Scholar
  33. Tsiakis, T., and G. Stephanides. “The Economic Approach of Information Security.” Computers & Security 24, 2005.Google Scholar
  34. Tung, L.L., and O. Reck. “Adoption of electronic government services among business organizations in Singapore.” Journal of Strategic Information Systems 14, (2005): 417–440.CrossRefGoogle Scholar
  35. Van Blarkom, G.W, J.J Borking, and J.G.E Olk. Handbook of Privacy and Privacy-Enhancing Technologies, The Case of Intelligent Software Agents. The Hague: College Bescherming Persoonsgegevens, 2003, pp. 22–30.Google Scholar
  36. Van Gestel, G.P.C. Creating an Identity and Access Management Maturity Model, Thesis, Universiteit van Tilburg, Tilburg, 2007.Google Scholar
  37. Vandecasteele, J., and L. Moerland. Groeimodel voor IV-functie – Het systematisch weergeven van een herinrichtingproces. Amstelveen: KPMG Management Consulting, 2001.Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2011

Authors and Affiliations

  1. 1.Borking ConsultancyWassenaarThe Netherlands

Personalised recommendations