Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

ENISA Calls For Privacy by Design

The European Union Agency for Network and Information Security (ENISA) has published a new report on online privacy and data protection.

The agency believes the key to protecting privacy, which has been declared a fundamental right, is to focus on privacy and data protection from the beginning of the design process.

The European Union Agency for Network and Information Security (ENISA) has published a new report on online privacy and data protection.

The agency believes the key to protecting privacy, which has been declared a fundamental right, is to focus on privacy and data protection from the beginning of the design process.

The problem is that existing policy doesn’t offer any incentives for adopting privacy by design. In addition to new policies, ENISA says new electronic communication standards should also focus more on privacy and data protection.

The study points out that encryption, anonymous communications protocols, private database searches, attribute-based credentials, and other privacy-enhancing technologies have been demonstrated to be effective.

Encryption is becoming widely used, especially because of the recent revelations about the advanced capabilities of spy agencies. However, other technologies have not become a standard and they’re not utilized as much as they should be in system design, ENISA noted.

“The term ‘Privacy by Design’, or its variation ‘Data Protection by Design’, has been coined as a development method for privacy-friendly systems and services, thereby going beyond mere technical solutions and addressing organisational procedures and business models as well,” the report reads. “Although the concept has found its way into legislation as the proposed European General Data Protection Regulation, its concrete implementation remains unclear at the present moment.”

The report is addressed to policy makers, data protection authorities, researchers, engineers, and regulators. It details approaches, strategies, and technical aspects, and provides recommendations on how to implement privacy by design with the aid of engineering methods.

ENISA says legislators need to promote data protection and privacy in their norms, and policy makers should come up with incentives for privacy-friendly services. Standardization bodies are advised to include privacy considerations into the standardization process, and provide standards for the interoperability of privacy features.

Advertisement. Scroll to continue reading.

The agency also believes data protection authorities should play an important part in providing independent guidance and tools for privacy engineering. The research community should focus its efforts on privacy engineering and, in collaboration with software development tool providers, offer solutions enabling intuitive implementation of privacy properties.

The EU agency published its report just as British Prime Minister David Cameron announced his intention to introduce a new law banning encrypted communications that cannot be accessed by authorities. Experts believe this approach will not do much good. On the contrary, it will put consumers and organizations at risk.

ENISA’s report, Privacy and Data Protection by Design, is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.