Skip to Main Content
Individuals are becoming increasingly concerned regarding the protection of their personal information. In an attempt to ease the privacy concerns of individuals, organisations publish privacy policies, promising how they will handle personal information. However, privacy policies as such do not guarantee the protection of personal information and do not offer much customisation on an individual level. Individual privacy contracts are proposed as a solution to this problem. A privacy contract constitutes a legal base on which to contest privacy breaches, should any occur. Every data subject has to enter into a privacy contract (consisting of privacy agreements) with the data controller, otherwise no transactions can be performed between the two parties. A data subject must consent to a privacy agreement before the data controller can use the data of the transaction associated with the agreement. This paper presents the principles and a conceptual view of the management of privacy contracts.