Skip to main content

Why Adopting Privacy Enhancing Technologies (PETs) Takes so Much Time

Abstract

Article 17 (1) of the Directive 95/46/EC (DPD) requires that the controller must implement appropriate technical and organizational measures to protect personal data. ICT offers solutions in the shape of privacy protection for users, consumers and citizens. The application of ICT to protect privacy has become widely known under the name Privacy-Enhancing Technologies (PET or PETs). This paper tries to explain what factors influence the adoption of privacy enhancing technologies (PETs). This research question first explores whether PETs is an innovation. It then applies Roger’s theory on the diffusion of innovation on PETs. Conceptual models are presented on the main factors of adoption of PETs and the necessary maturity of an organization before adoption of PETs can occur. The paper points out that a positive business case for the economic justification of investments in PETs is needed before a positive decision on the investment will be taken.

Keywords

  • Cash Flow
  • Personal Data
  • Privacy Protection
  • Privacy Risk
  • Security Investment

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Dr. John J. Borking (1945) is owner/director of Borking Consultancy in Wassenaar The Netherlands and was a former privacy commissioner and board member of the Dutch Data Protection Authority. Address: Lange Kerkdam 27, 2242 BN Wassenaar, Netherlands; email: jborking@xs4all.nl

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-94-007-0641-5_15
  • Chapter length: 33 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   149.00
Price excludes VAT (USA)
  • ISBN: 978-94-007-0641-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   199.99
Price excludes VAT (USA)
Hardcover Book
USD   279.99
Price excludes VAT (USA)
Fig. 15.1
Fig 15.2
Fig. 15.3
Fig. 15.4
Fig. 15.5
Fig. 15.6
Fig. 15.7
Fig. 15.8
Fig. 15.9
Fig. 15.10
Fig. 15.11

Notes

  1. 1.

    Directive 95/46/EC, Official Journal L 281, 23/11/1995 P. 0031–0050.

  2. 2.

    When showing the results of calculating the Return On Investment on PETs investments some participants showed a positive attitude change towards adoption (Borking, 2008).

  3. 3.

    EuroPrise (privacy seals) has been subsidized by EU Commission under the eTEN Programme. The EuroPrise project started op June 10 2007 and ended February 28, 2009. http://www.european-privacy-seal.eu/about-europrise/fact-sheet.

  4. 4.

    Fritsch, 2008 and Dijkman, 2008 were the first that used the term ROPI. I prefer ROIPI preventing misunderstanding amongst auditors

  5. 5.

    http://www.european-privacy-seal.eu/about-europrise/fact-sheet

  6. 6.

    The real financial figures are confidential

  7. 7.

    PRIME (Privacy and Identity Management for Europe) Contract No. 507591 Research periode 2004–2008

  8. 8.

    The PRIME researchers were P.Ribbers (UoT), A.Fairchild (VUB), J.Tseng (EUR), R-J.Dijkman (UoT) and J.J.Borking (BC)

References

  • Andriessen, V. “Nederlandse Internetzoekmachine Ixquick ontvangt eerste Europese privacycertificaat.” In Het Financieele Dagblad,15 juli 2008.

    Google Scholar 

  • Bayer, J., and N. Melone. “A Critique of Diffusion Theory as a Managerial Framework for Understanding Adoption of Software Engineering Innovations.” The Journal of Systems and Software 9, 2 (1989): 161–166.

    CrossRef  Google Scholar 

  • Blakley, B., E. McDermott, and D. Geer. Information management is Information Risk Management. in Proceedings NSPW’01, Cloudecroft, New Mexico, 2002.

    Google Scholar 

  • Borking, J. “The Status of Privacy Enhancing Technologies.” In Certification and Security in E-Services. E. Nardelli, S. Posadziejewsji, and M. Talomo. Boston, MA: Kluwer Academic Publishers, 2003, p. 223.

    Google Scholar 

  • Borking, J.J. “Assessing investments mitigating privacy risks.” In Het binnenste buiten, Liber Amicorum ter gelegenheid van het emeritaat van prof. dr. H.J. Schmidt, hoogleraar Recht en Informatica te Leiden, edited by L. Mommers, H. Franken, J. Van den Herik, F. Vander Klauw, and G-J. Zwenne. Leiden: Leiden University Press, 2010.

    Google Scholar 

  • Borking, J.J. “The Business Case for PET and the EuroPrise Seal,” Report for EuroPrise EU Research project on Privacy Seals 2008; http://www.european-privacy-seal.eu/about-europrise/fact-sheet

  • Borking, J.J.F.M. Privacyrecht is Code, Over Het Gebruik van Privacy Enhancing Technologies. Deventer: Kluwer, 2010.

    Google Scholar 

  • Bos, Tj. Adoptie van privacy-enhancing technologies bij publiek/private instellingen. Den Haag: Ministerie van Binnenlandse Zaken, 2006.

    Google Scholar 

  • Camp, L.J., and C. Wolfram. Pricing Security. in Proceedings of the CERT Information, Survivability Workshop, Kluwer Academic Press, Boston MA, 2000.

    Google Scholar 

  • Cardholm, L. Adding Value to Business Performance Through Cost Benefit Analyses of Information Security Management, Thesis, Gävle, 2006.

    Google Scholar 

  • Cas, J., and Ch. Hafskjold. Access in ICT and Privacy in Europe, Experiences from technology assessment of ICT and Privacy in seven different European countries. Geneva: EPTA, 2006, p. 41.

    Google Scholar 

  • Chapman, S., and G.S. Dhillon. Privacy and the Internet: The Case of DoubleClick, Inc. – Social Responsibility in the Information Age: Issues and Responsibilities. XXX, Fort Lauderdale-Davie, 2002.

    Google Scholar 

  • Communication from the Commission to the European Parliament and the Council on Promoting Data Protection by Privacy Enhancing Technologies (PETs), COM (2007) 228 Final, Brussels, 2.5.2007.

    Google Scholar 

  • Darwin. http://www.tech-404.com/calculator.html, 2007, 2008.

  • Davenport, Th.H. Process Innovation – Reengineering work through Information Technology. Boston, MA: Havard Business School Press, 1993.

    Google Scholar 

  • Fagerberg, J. et al. The Oxford Handbook of Innovation. New York: Oxford University Press Oxford, 2005.

    Google Scholar 

  • Fairchild, A., and P. Ribbers. “Privacy-Enhancing Identity Management in Business.” In Privacy and Identity Management for Europe, edited by J. Camenish, R. Leenes, and Sommer, D. Report for the EU Commission X, Brussels, 2008, pp. 69–100.

    Google Scholar 

  • Fichman, R.G. Information Technology Diffusion: A Review of Empirical Research. in Proceedings of the Thirteenth International Conference on Information Systems (ICIS), Dallas, (1992), pp. 195–206.

    Google Scholar 

  • Greenhalgh, T., et al. “Diffusion of innovations in service organizations: Systematic review en recommendations.” The Milbank Quarterly 4 (2004): 581–629.

    Google Scholar 

  • Hahn, U., K. Askelson, and R. Stiles. Managing and Auditing Privacy Risks, ltamonte Springs, 2008 http://www.theiia.org/guidance/technology/gtag/gtag5/

  • Hes, R., and J. Borking. Privacy Enhancing Technologies: The Path to Anonymity (2nd revised edition). Report from the Dutch Data Protection Authority AV no. 11 Den Haag, 2000.

    Google Scholar 

  • Jeyaraj, A., J.W. Rottman, and M.C. Lacity. “A review of the predictors, linkages, and biases in IT innovation adoption research.” Journal of Information Technology 21, 1 (2006): 1–23.

    CrossRef  Google Scholar 

  • Koorn, R., H. Van Gils, J. Ter Hart, P. Overbeek, P. Tellegen, and J. Borking. Privacy Enhancing Technologies – Witboek voor Beslissers; (Whitebook for Decision Makers – Ministry of Internal Affairs and Kingdom Relations) Den Haag, 2004.

    Google Scholar 

  • Leisner, I., and J. Cas. Convenience in ICT and Privacy in Europe, Experiences from technology assessment of ICT and Privacy in seven different European countries. Geneva: EPTA, 2006, p. 50.

    Google Scholar 

  • OECD Organization for Economic Co-operation and Development, Oslo Manual: Guidelines for Collecting and Interpreting Innovation Data, 3rd edition, 2005. Available at: http://www.oecd.org/

  • PRIME, acronym for project name: Privacy and Identity Management for Europe, Contract No. 507591 Research period 2004–2008

    Google Scholar 

  • Privacy Rights Clearinghouse: A Chronology of Data Breaches. 2007. Available at: http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

  • Rivera, M.A., and E.M. Rogers. “Evaluating public sector innovation in networks: extending the reach of the national cancer institute’s web bases health communication intervention research initiative.” The Innovation Journal: The public Sector Innovation Journal 9, (2004): 1–5.

    Google Scholar 

  • Rogers, E.M. Diffusion of Innovations. New York: Simon & Schuster, 2003.

    Google Scholar 

  • Smit, N. A maturity Model. Zoetermeer: EUR, 2005.

    Google Scholar 

  • Sommer, D. “The PRIME Architecture.” In Privacy and Identity Management for Europein, edited by J. Camenish, R. Leenes, and D. Sommer. Report for the EU Commission, Brussels, 2008.

    Google Scholar 

  • Sonnenreich, W., J. Albanese, and B. Stout. “Return on Security Investment (ROSI) A practical approach.” Journal of Research and Practice in Information Technology 38, 1, (Feb. 2006).

    Google Scholar 

  • Stanford Organizational Maturity Levels, http://www2.slac.stanford.edu/comp/winnt/systemadministration/Organizational%20Maturity%20Levels.doc

  • Tidd, J., et al. Managing Innovation: Integrating Technological, Market and Organizational Change, Chichester: Wiley, John & Sons, Incorporated, 2005.

    Google Scholar 

  • Tsiakis, T., and G. Stephanides. “The Economic Approach of Information Security.” Computers & Security 24, 2005.

    Google Scholar 

  • Tung, L.L., and O. Reck. “Adoption of electronic government services among business organizations in Singapore.” Journal of Strategic Information Systems 14, (2005): 417–440.

    CrossRef  Google Scholar 

  • Van Blarkom, G.W, J.J Borking, and J.G.E Olk. Handbook of Privacy and Privacy-Enhancing Technologies, The Case of Intelligent Software Agents. The Hague: College Bescherming Persoonsgegevens, 2003, pp. 22–30.

    Google Scholar 

  • Van Gestel, G.P.C. Creating an Identity and Access Management Maturity Model, Thesis, Universiteit van Tilburg, Tilburg, 2007.

    Google Scholar 

  • Vandecasteele, J., and L. Moerland. Groeimodel voor IV-functie – Het systematisch weergeven van een herinrichtingproces. Amstelveen: KPMG Management Consulting, 2001.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to John J. Borking .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2011 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Borking, J.J. (2011). Why Adopting Privacy Enhancing Technologies (PETs) Takes so Much Time. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_15

Download citation