This paper focuses on the inherent trade-off between privacy and access control in pervasive computing environments (PCEs). On one hand, service providers require user authentication and authorization for the provision of a service, while at the same time end users require untraceability and unlinkability for their transactions. There are also cases where the anonymity of a specific credential must be revoked and a real identity be traced, in order to establish accountability. We analyze privacy and security requirements for PCEs and we show that existing privacy-preserving access control schemes do not fully satisfy these requirements. Then we propose two approaches towards privacy-preserving access control in PCEs. Our goal is twofold: (a) to enhance privacy by achieving untraceability and unlinkability even against malicious insiders and (b) to enhance security by achieving conditional traceability of user credentials, and if possible, non-repudiation of evidence concerning the user's participating in a transaction. Finally, we analyze and compare the proposed schemes against existing schemes. Copyright © 2011 John Wiley & Sons, Ltd.