When using the Internet, we reveal much personal information both willingly and indadvertedly. Companies use this information for targeted advertisement and thereby to finance the services they offer to users. The mechanisms used today to protect users' personal information are lacking resulting in far too frequent privacy and security breaches that put the users at risk. In this article we argue that applications on the Internet should be built with privacy and security as a mandatory requirement, then provide an overview of the state of the art in privacy-enhancing mechanisms, and conclude with a roadmap towards a privacy-enhanced digital world, and pointing out a number of challenges that need to be solved. © 2012 Elsevier B.V. All rights reserved.