Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity or openness to 3rd party access. Currently, servers are connected to the Internet, where large amounts of personal information are continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework.