www.enisa.europa.eu
Trustworthy Infrastructure
for Personal Data Management
Udo Helmbrecht
Executive Director, ENISA
Digital Enlightenment Forum
Brussels, 19th September 2013
Virtual world and privacy
• Divergent approaches
– Personal data protection vs. data retention
• Difference of perception across countries/regions
– Privacy – human right in EU or consumer right in US
• A new currency: personal data
• Contradictory expectations and practice
– Privacy - fundamental human right in the EU
– Users concerned about privacy
• 93% of participants in ENISA study1
– Users willing to disclose more personal data for discounts
• up to 87% of participants, in some cases, for 0.5 € discount in the study
1 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/monetising-privacy
Data protection
• Fundamental human right in the EU2
• Legislation reform
• Current context very complex
Data retention1
• Legislation not transposed in all 27 MS
• Different interpretation
• Current context very complex
• Questionable practice / deployment
Technology
• Scalability
• Advances in ICT
• Different technologies, lack of level playing field
• Cost of deployment for secure solutions
• Pan-European approach for information
security needed
• Different technologies
• Cost of deployment for secure solutions
• Scalability of the solutions
• PETs still under development
• Deployment costs
• Scalability of the solutions
• ‘Blanket’ interception
• Deep packet inspection
Complex interactions
1 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF
2 http://www.europarl.europa.eu/charter/pdf/text_en.pdf
‘The right to be forgotten’ 1
between expectations and practice
• Included in the proposed regulation on “the
processing of personal data and on the free
movement of such data” published by the EC in Jan
2012.
• ENISA addressed the technical means of assisting
the enforcement of the right to be forgotten.
• A purely technical and comprehensive solution to
enforce the right in the open Internet is generally
not possible
• Technologies do exist that minimize the amount of
personal data collected and stored online
• Personal data is the new currency in the cyberspace!
1 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten
Notification about security breaches
in the EU legislation
Relevant notification articles
• Article 13a of the Framework Directive for electronic communication
• Article 4 of the e-Privacy Directive
• Article 15 of the Draft Regulation on e-identities
• Articles 30, 31 and 32 of the Draft General Data Protection Regulation
Commonalities and differences between notification articles
Framework Directive, E-Privacy Directive, e-ID Regulation, Data Protection Regulation
Source: EU Cyber Incident Reporting, ENISA 2012
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/cyber-incident-reporting-in-the-eu
Trust in the infrastructure
Gaps in supply chain
• Technical level
– For software – Trusted Computing
– No efficient methods to control HW components
• HW trojans, counterfeit elements, reverse engineering, side channel
attacks
• Physical analysis is complex, time consuming, costly
• Labelling/marking is subject to counterfeiting
• Risk analysis framework
– Product driven
– Based on financial risk
– No methods for dynamic real time systems
• Standardisation scheme
– Existing certification schemes not addressed for complex supply
chains
– Lack of efficient technical solutions does not allow for
implementation of controls
Towards secure infrastructure
for data processing
• The challenges extend beyond MS borders, hence…
– MSs and the EU need close collaboration with industry and
research
• A gap is observed between
– what is possible at technological level
– what is available at market place and proposed by policy makers
• Users are primarily interested in
– Convenience, ease of use
– Price (preferably free)
• Technical issues in implementation of data protection
mechanisms
– Right to be forgotten
– Minimal disclosure
– Portability of profiles
• The role of standardisation is still not clear
European Union Agency for Network and Information Security
Science and Technology Park of Crete
P.O. Box 1309
71001 Heraklion
Crete
Greece
Follow ENISA
http://www.enisa.europa.eu
