LILIAN MITROU & MARIA KARYDA
129
Protection Directive of 1995 have, at a large extent, formed the basis for the de-
velopment and implementation of PETs. Evidence shows
10
that PETs implement-
ing data minimization are more often used than those implementing user con-
sent, whose importance appears to be limited. However, the wide diversity and
varying technical characteristics of PETs raise barriers to widespread adoption.
Often PETs are application specific, while some are designed to be used in spe-
cific applications while others may be applied in different systems. Their deploy-
ment depends also on the underlying legal and regulatory framework, on users’
privacy awareness and their privacy concerns, as well as on the cost and benefits
associated with their use. Often, the actual implementation of the PETs is quite
simple. However, the complexity of the term makes it difficult for many stake-
holders, individuals as well as data controllers to apprehend their usefulness and
therefore employ them.
Privacy enhancing technologies have been in use for several years now (D.
Shaum’s “Mix-networks”
11
is considered the first PET as it enables anonymous
communication over a network. However, risks associated with the use of per-
sonal data in electronic form are serious and growing, while, at the same time,
both overall adoption rates and consumer awareness of PETs are low. PETs’ low
adoption rate can be attributed to the fact that have not yet reached a maturity
level while new PETs are constantly developed
12
. Also, users’ privacy awareness
remains limited, while usability issues need to be addressed as several PETs re-
quire previous experience and/or knowledge with ICTs and many lack a user-
friendly interface. Other findings suggest that PETs are still under-developed,
that they remain rather weak in terms of implementation and effectiveness and
that they are often applied in ineffective ways. Their success in providing for the
protection of personal data is constantly limited by technological advances in pri-
vacy-invasive technologies, such as more powerful data mining tools and perva-
sive electronic devices equipped with sensors and biometric identifiers.
10. European Commission, Directorate-General Justice, Freedom and Security, Comparative
Study on Different Approaches to New Privacy Challenges, in Particular in the Light of
New Technological Developments, Final Report, Contract No: JLS/2008/C4/011 – 30-CE-
0219363/00-28, 20-01-2010.
11. David L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms.
Commun. ACM, 24(2): 84–90, 1981.
12. European Commission, Directorate-General Justice, Freedom and Security, Comparative
Study on Different Approaches to New Privacy Challenges, in Particular in the Light of
New Technological Developments, Final Report, Contract No: JLS/2008/C4/011 – 30-CE-
0219363/00-28, 20-01-2010.
