www.enisa.europa.eu
Trustworthy Infrastructure
for Personal Data Management
Udo Helmbrecht
Executive Director, ENISA
Digital Enlightenment Forum
Brussels, 19th September 2013
Virtual world and privacy
• Divergent approaches
– Personal data protection vs. data retention
• Difference of perception across countries/regions
– Privacy – human right in EU or consumer right in US
• A new currency: personal data
• Contradictory expectations and practice
– Privacy - fundamental human right in the EU
– Users concerned about privacy
• 93% of participants in ENISA study1
– Users willing to disclose more personal data for discounts
• up to 87% of participants, in some cases, for 0.5 € discount in the study
1 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/monetising-privacy
Data protection
• Fundamental human right in the EU2
• Legislation reform
• Current context very complex
Data retention1
• Legislation not transposed in all 27 MS
• Different interpretation
• Current context very complex
• Questionable practice / deployment
Technology
• Scalability
• Advances in ICT
• Different technologies, lack of level playing field
• Cost of deployment for secure solutions
• Pan-European approach for information security needed
• Different technologies
• Cost of deployment for secure solutions
• Scalability of the solutions
• PETs still under development
• Deployment costs
• Scalability of the solutions
• ‘Blanket’ interception
• Deep packet inspection
Complex interactions
1 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF
2 http://www.europarl.europa.eu/charter/pdf/text_en.pdf
‘The right to be forgotten’ 1
between expectations and practice
• Included in the proposed regulation on “the
processing of personal data and on the free
movement of such data” published by the EC in Jan
2012.
• ENISA addressed the technical means of assisting
the enforcement of the right to be forgotten.
• A purely technical and comprehensive solution to
enforce the right in the open Internet is generally
not possible
• Technologies do exist that minimize the amount of
personal data collected and stored online
• Personal data is the new currency in the cyberspace!
1 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten
Notification about security breaches
in the EU legislation
Article 13a of the
Framework Directive for
electronic communication
Article 4 of the e-Privacy
Directive
Article 15 of the Draft
Regulation on e-identities
Articles 30, 31 and 32 of the
Draft General Data
Protection Regulation
Framework Directive, E-Privacy Directive, e-ID Regulation, Data Protection Regulation
Commonalities and differences between notification articles
Relevant notification articles
Source: EU Cyber Incident Reporting, ENISA 2012
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/cyber-incident-reporting-in-the-eu
Trust in the infrastructure
Gaps in supply chain
• Technical level
– For software – Trusted Computing
– No efficient methods to control HW components
• HW trojans, counterfeit elements, reverse engineering, side channel
attacks
• Physical analysis is complex, time consuming, costly
• Labelling/marking is subject to counterfeiting
• Risk analysis framework
– Product driven
– Based on financial risk
– No methods for dynamic real time systems
• Standardisation scheme
– Existing certification schemes not addressed for complex supply
chains
– Lack of efficient technical solutions does not allow for
implementation of controls
Towards secure infrastructure
for data processing
• The challenges extend beyond MS borders, hence…
– MSs and the EU need close collaboration with industry and
research
• A gap is observed between
– what is possible at technological level
– what is available at market place and proposed by policy makers
• Users are primarily interested in
– Convenience, ease of use
– Price (preferably free)
• Technical issues in implementation of data protection
mechanisms
– Right to be forgotten
– Minimal disclosure
– Portability of profiles
• The role of standardisation is still not clear
European Union Agency for Network and Information Security
Science and Technology Park of Crete
P.O. Box 1309
71001 Heraklion
Crete
Greece
Follow ENISA
http://www.enisa.europa.eu
