Authors: Tania Basso and Regina Moraes (University of Campinas), Nuno Antunes and Marco Vieira (University of Coimbra)

Frequently users have to provide personal information for being able to use web applications and services. They are commonly confronted with a privacy policy that they must accept, implicitly trusting the provider organization to protect their privacy. The recent trend to develop frameworks for privacy policy definition has moved the state-of-the-art forward, but did not solve the main problems: allow users to express their privacy requirements and assure that these requirements will be enforced. This paper discusses the main challenges towards the development of privacy-aware web applications and services and proposes a research roadmap to tackle these challenges.