Why Adopting Privacy Enhancing Technologies (PETs) takes so much time

Abstract

Article 17 (1) of the Directive 95/46/EC (DPD) requires that the controller must implement appropriate technical and organizational measures to protect personal data. ICT offers solutions in the shape of privacy protection for users, consumers and citizens. The application of ICT to protect privacy has become widely known under the name Privacy-Enhancing Technologies (PET or PETs). This paper tries to explain what factors influence the adoption of privacy enhancing technologies (PETs). This research question first explores whether PETs is an innovation. It then applies Roger's theory on the diffusion of innovation on PETs. Conceptual models are presented on the main factors of adoption of PETs and the necessary maturity of an organization before adoption of PETs can occur. The paper points out that a positive business case for the economic justification of investments in PETs is needed before a positive decision on the investment will be taken. © 2011 Springer Science+Business Media B.V.