We can hardly underestimate the importance of privacy in our data-driven world. Privacy breaches are not just about disclosing information. Personal data is used to profile and manipulate us - sometimes on such a large scale that it affects society as a whole. What can governments do to protect our privacy? In 'The Governance of Privacy' Hans de Bruijn first analyses the complexity of the governance challenge, using the metaphor of a journey. At the start, users have strong incentives to share data. Harvested data continue the journey that might lead to a privacy breach, but not necessarily - it can also lead to highly valued services. That is why both preparedness at the start of the journey and resilience during the journey are crucial to privacy protection. The book then explores three strategies to deal with governments, the market, and society. Governments can use the power of the law; they can exploit the power of the market by stimulating companies to compete on privacy; and they can empower society, strengthening its resilience in a data-driven world. 1 The Radical Transformation of Privacy 1.1 Introduction 1.2 Privacy as a process (I) 1.3 Type 1: privacy invasions as disclosure – continu¬ous, ubiquitous, and emergent 1.4 Type 2: privacy invasions as profiling 1.5 Type 3: privacy invasion as manipulation 1.6 Type 4: privacy invasion as a collective problem 1.7 Privacy as a process (II): comparing the four types of privacy invasions 2 The Complexity of the Governance Challenge 2.1 Introduction 2.2 Victims and their many cost–benefit analyses 2.3 The object: data and the many uncertainties concerning data use 2.4 The spaghetti-like network of data-producing devices 2.5 The villain comes in many guises 2.6 Distribution cannot be distinguished from production 2.7 The addressee as victim and villain 2.8 The essence of the differences between then and now 2.9 The complexity of the governance challenge, summarized 3 An Introduction to Governance 3.1 Introduction 3.2 State, market, and society 3.3 The context and the inevitable unintended effects 3.4 The dynamics of underlying norms 3.5 When to use instruments: upstream or down¬stream? 3.6 Resilient governance 4 The Power of the State 4.1 Introduction 4.2 From prescriptive- to goal-based regulation 4.3 From substantive regulation to procedural regulation 4.4 From imposed to negotiated regulation 4.5 From direct to indirect regulation 4.6 From instrumental to institutional regulation 4.7 The essence of resilience-based regulation 4.8 Conditions for regulation based on resilience—capacity and infrastructure building 5 The Power of the Market 5.1 Introduction 5.2 Competing on privacy 5.3 The pricing and taxing of data 5.4 Challenging the business proposition and, there¬fore, the business model 5.5 Creating barriers in the data-journey—breaking up companies 5.6 The power of the market and resilience 6 The Power of Society 6.1 Introduction 6.2 Empowerment upstream 6.3 Patterns: locking-in and locking-out 6.4 Empowerment downstream: how can a user weaponize against locking-in and locking-out? 6.5 Resilience and the role of government 7 Reflections References