Purpose -In order to enhance privacy protection during electronic transactions, we propose, develop and evaluate a personal data management framework called Polis, which abides by the following principle: Every individual has absolute control over her personal data, which reside only at her own side. Design/methodology/approach -The paper identifies representative electronic transactions that involve personal data and proposes Polis-based protocols for them. The approach is evaluated on a Polis prototype both as a stand-alone application and as part of a commercial database management system. Findings -The results of this work indicate that electronic transactions can remain both feasible and straightforward, while personal data remain only at the owner's side. Research limitations/implications -The paper describes a Polis-approach implementing prototype, which is easy to deploy and friendly to current information management technologies. However, the usability of the prototype has to be enhanced with supporting tools for editing personal data and policies and a more intuitive user interface. Finally, the Polis-platform enables a new class of user-centered distributed applications, which we intend to investigate. Practical implications -Even though the conditions for a personal data management approach like Polis are mature, and Polis can be progressively adopted, it still entails a major change in current business practices. Originality/value -The paper proposes a new paradigm for the management of personal data, which admits individuals to have their personal data stored only at their own side. The new approach can be of mutual benefit to both individuals and companies.