A method and system is disclosed for enforcing at least one privacy policy in relation to user data, the system comprising: a user system, a broker system, and a service provider system, the user system being operable to: encrypt the user data using a symmetric encryption algorithm and an encryption key generated in dependence on said at least one privacy policy and a master key associated with the user system; and transmit the encrypted user data to the service provider in the form of a digital container that includes the encrypted user data and said at least one privacy policy; and the broker system being operable to: receive a request from the service provider to access the user data, the request including said at least one privacy policy; verify that the request complies with said at least one privacy policy; and if so, regenerate the encryption key in dependence on the master key and at least one privacy policy supplied by the service provider, whereby the service provider system is able to decrypt the user data using a symmetric decryption algorithm and the regenerated encryption key.