ENISA Outlines Privacy and Data Protection Recommendations

November 19, 2008

The new ENISA report, ‘Inside the matrix: Privacy & data protection challenges’, published on 14 November, presents a grid of policy and legal challenges with 13 recommendations.

ENISA states that privacy and the protection of personal data are critical challenges ‘as technology increasingly invades our everyday lives and becomes an integral part of what we do and, at times, of what we are’. But it takes the view that data protection laws and regulations seem obsolete or inadequate to address new challenges. Therefore, ENISA established a Working Group on Privacy & Technology to analyse the gaps and the implications for the current EU legal framework in a report. Samples of the 13 ENISA recommendations include:
• The European Commission and the Member States should encourage an incentive system connected to a certification scheme and an effective economic sanctions systems, as well as tax incentives. Industry is recommended for example always to analyse privacy risk through Privacy Impact Assessment methodologies when defining privacy and security policy.
• Online subject access is described as a ‘Cinderella’ human right. ENISA and the Article 29 Working Party (WP) should conduct a policy analysis on how to re-frame the legal right of subject access, to give individuals maximal data access at zero cost.
• The EU Commission should introduce a comprehensive security breach notification law, to enable data protection authorities and individuals to better identify, understand and react to incidents.
• The European Commission should propose a legal instrument to identity the Best Available Techniques (BATs), to ensure effective auditing and certification of data collection by industry and data protection authorities.
• On identity management, EU and national law and policy makers should re-evaluate legitimacy and proportionality grounds for processing real names and additional personal data proven by digital certificates.
• To confront the challenge in keeping personal data of citizens within the EU jurisdiction and to provide a new tool that would enable users to manage proximity and distance with others in the digital space, both in a legal and a social sense, it is recommended that the Article 29 Working Party and the EU Commission explore the notions of digital territory, property and space, eg to extend the principle of legal sanctuary in real life to the digital world

The Executive Director of ENISA, Mr Andrea Pirotti commented on the Report:
The gap analysis between the existing regulations and incentives and the technological challenges of our modern society, underlines the need for original thinking, decisive actions, and to close the gaps if we are to retain and boost citizens’ trust in Information Society.’

You can access the full report here: http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_wg_report.pdf