Why Adopting Privacy Enhancing Technologies (PETs) Takes so Much Time

Computers, Privacy and Data Protection: an Element of Choice

Abstract

Article 17 (1) of Directive 95/46/EC (DPD) requires the controller to implement appropriate technical and organizational measures to protect personal data. ICT offers solutions in the shape of privacy protection for users, consumers and citizens. The application of ICT to protect privacy has become widely known under the name Privacy-Enhancing Technologies (PET or PETs). This paper tries to explain what factors influence the adoption of PETs. It first explores whether PETs are an innovation. It then applies Rogers' theory on the diffusion of innovation to PETs. Conceptual models are presented on the main factors of adoption of PETs and the necessary maturity of an organization before adoption of PETs can occur. The paper points out that a positive business case for the economic justification of investments in PETs is needed before a positive decision on the investment will be taken.

Dr. John J. Borking (1945) is owner/director of Borking Consultancy in Wassenaar, The Netherlands, and a former privacy commissioner and board member of the Dutch Data Protection Authority. Address: Lange Kerkdam 27, 2242 BN Wassenaar, Netherlands; email: jborking@xs4all.nl

Notes

  1. Directive 95/46/EC, Official Journal L 281, 23/11/1995 P. 0031–0050.

  2. When showing the results of calculating the Return On Investment on PETs investments, some participants showed a positive attitude change towards adoption (Borking, 2008).

  3. EuroPrise (privacy seals) has been subsidized by the EU Commission under the eTEN Programme. The EuroPrise project started on June 10, 2007 and ended February 28, 2009. http://www.european-privacy-seal.eu/about-europrise/fact-sheet.

  4. Fritsch, 2008 and Dijkman, 2008 were the first to use the term ROPI. I prefer ROIPI, preventing misunderstanding amongst auditors.

  5. http://www.european-privacy-seal.eu/about-europrise/fact-sheet

  6. The real financial figures are confidential.

  7. PRIME (Privacy and Identity Management for Europe), Contract No. 507591, research period 2004–2008.

  8. The PRIME researchers were P. Ribbers (UoT), A. Fairchild (VUB), J. Tseng (EUR), R-J. Dijkman (UoT) and J.J. Borking (BC).

References

  • Andriessen, V. “Nederlandse Internetzoekmachine Ixquick ontvangt eerste Europese privacycertificaat.” In Het Financieele Dagblad, 15 July 2008.

  • Bayer, J., and N. Melone. “A Critique of Diffusion Theory as a Managerial Framework for Understanding Adoption of Software Engineering Innovations.” The Journal of Systems and Software 9, 2 (1989): 161–166.

  • Blakley, B., E. McDermott, and D. Geer. Information management is Information Risk Management. In Proceedings NSPW’01, Cloudcroft, New Mexico, 2002.

  • Borking, J. “The Status of Privacy Enhancing Technologies.” In Certification and Security in E-Services. E. Nardelli, S. Posadziejewsji, and M. Talomo. Boston, MA: Kluwer Academic Publishers, 2003, p. 223.

  • Borking, J.J. “Assessing investments mitigating privacy risks.” In Het binnenste buiten, Liber Amicorum ter gelegenheid van het emeritaat van prof. dr. H.J. Schmidt, hoogleraar Recht en Informatica te Leiden, edited by L. Mommers, H. Franken, J. Van den Herik, F. Vander Klauw, and G-J. Zwenne. Leiden: Leiden University Press, 2010.

  • Borking, J.J. “The Business Case for PET and the EuroPrise Seal,” Report for EuroPrise EU Research project on Privacy Seals 2008; http://www.european-privacy-seal.eu/about-europrise/fact-sheet

  • Borking, J.J.F.M. Privacyrecht is Code, Over Het Gebruik van Privacy Enhancing Technologies. Deventer: Kluwer, 2010.

  • Bos, Tj. Adoptie van privacy-enhancing technologies bij publiek/private instellingen. Den Haag: Ministerie van Binnenlandse Zaken, 2006.

  • Camp, L.J., and C. Wolfram. Pricing Security. In Proceedings of the CERT Information, Survivability Workshop, Kluwer Academic Press, Boston MA, 2000.

  • Cardholm, L. Adding Value to Business Performance Through Cost Benefit Analyses of Information Security Management, Thesis, Gävle, 2006.

  • Cas, J., and Ch. Hafskjold. Access in ICT and Privacy in Europe, Experiences from technology assessment of ICT and Privacy in seven different European countries. Geneva: EPTA, 2006, p. 41.

  • Chapman, S., and G.S. Dhillon. Privacy and the Internet: The Case of DoubleClick, Inc. – Social Responsibility in the Information Age: Issues and Responsibilities. XXX, Fort Lauderdale-Davie, 2002.

  • Communication from the Commission to the European Parliament and the Council on Promoting Data Protection by Privacy Enhancing Technologies (PETs), COM (2007) 228 Final, Brussels, 2.5.2007.

  • Darwin. http://www.tech-404.com/calculator.html, 2007, 2008.

  • Davenport, Th.H. Process Innovation – Reengineering work through Information Technology. Boston, MA: Harvard Business School Press, 1993.

  • Fagerberg, J. et al. The Oxford Handbook of Innovation. New York: Oxford University Press Oxford, 2005.

  • Fairchild, A., and P. Ribbers. “Privacy-Enhancing Identity Management in Business.” In Privacy and Identity Management for Europe, edited by J. Camenisch, R. Leenes, and D. Sommer. Report for the EU Commission X, Brussels, 2008, pp. 69–100.

  • Fichman, R.G. Information Technology Diffusion: A Review of Empirical Research. In Proceedings of the Thirteenth International Conference on Information Systems (ICIS), Dallas, 1992, pp. 195–206.

  • Greenhalgh, T., et al. “Diffusion of innovations in service organizations: Systematic review and recommendations.” The Milbank Quarterly 4 (2004): 581–629.

  • Hahn, U., K. Askelson, and R. Stiles. Managing and Auditing Privacy Risks, Altamonte Springs, 2008. http://www.theiia.org/guidance/technology/gtag/gtag5/

  • Hes, R., and J. Borking. Privacy Enhancing Technologies: The Path to Anonymity (2nd revised edition). Report from the Dutch Data Protection Authority AV no. 11 Den Haag, 2000.

  • Jeyaraj, A., J.W. Rottman, and M.C. Lacity. “A review of the predictors, linkages, and biases in IT innovation adoption research.” Journal of Information Technology 21, 1 (2006): 1–23.

  • Koorn, R., H. Van Gils, J. Ter Hart, P. Overbeek, P. Tellegen, and J. Borking. Privacy Enhancing Technologies – Witboek voor Beslissers; (Whitebook for Decision Makers – Ministry of Internal Affairs and Kingdom Relations) Den Haag, 2004.

  • Leisner, I., and J. Cas. Convenience in ICT and Privacy in Europe, Experiences from technology assessment of ICT and Privacy in seven different European countries. Geneva: EPTA, 2006, p. 50.

  • OECD Organization for Economic Co-operation and Development, Oslo Manual: Guidelines for Collecting and Interpreting Innovation Data, 3rd edition, 2005. Available at: http://www.oecd.org/

  • PRIME, acronym for project name: Privacy and Identity Management for Europe, Contract No. 507591 Research period 2004–2008

  • Privacy Rights Clearinghouse: A Chronology of Data Breaches. 2007. Available at: http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

  • Rivera, M.A., and E.M. Rogers. “Evaluating public sector innovation in networks: extending the reach of the national cancer institute’s web bases health communication intervention research initiative.” The Innovation Journal: The public Sector Innovation Journal 9, (2004): 1–5.

  • Rogers, E.M. Diffusion of Innovations. New York: Simon & Schuster, 2003.

  • Smit, N. A maturity Model. Zoetermeer: EUR, 2005.

  • Sommer, D. “The PRIME Architecture.” In Privacy and Identity Management for Europe, edited by J. Camenisch, R. Leenes, and D. Sommer. Report for the EU Commission, Brussels, 2008.

  • Sonnenreich, W., J. Albanese, and B. Stout. “Return on Security Investment (ROSI) A practical approach.” Journal of Research and Practice in Information Technology 38, 1, (Feb. 2006).

  • Stanford Organizational Maturity Levels, http://www2.slac.stanford.edu/comp/winnt/systemadministration/Organizational%20Maturity%20Levels.doc

  • Tidd, J., et al. Managing Innovation: Integrating Technological, Market and Organizational Change, Chichester: Wiley, John & Sons, Incorporated, 2005.

  • Tsiakis, T., and G. Stephanides. “The Economic Approach of Information Security.” Computers & Security 24, 2005.

  • Tung, L.L., and O. Reck. “Adoption of electronic government services among business organizations in Singapore.” Journal of Strategic Information Systems 14, (2005): 417–440.

  • Van Blarkom, G.W, J.J Borking, and J.G.E Olk. Handbook of Privacy and Privacy-Enhancing Technologies, The Case of Intelligent Software Agents. The Hague: College Bescherming Persoonsgegevens, 2003, pp. 22–30.

  • Van Gestel, G.P.C. Creating an Identity and Access Management Maturity Model, Thesis, Universiteit van Tilburg, Tilburg, 2007.

  • Vandecasteele, J., and L. Moerland. Groeimodel voor IV-functie – Het systematisch weergeven van een herinrichtingproces. Amstelveen: KPMG Management Consulting, 2001.

Corresponding author

Correspondence to John J. Borking.

Copyright information

© 2011 Springer Science+Business Media B.V.

Cite this chapter

Borking, J.J. (2011). Why Adopting Privacy Enhancing Technologies (PETs) Takes so Much Time. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_15
