This article is more than 1 year old

Euro security agency says MORE crypto needed in gov policy

Your move, David Cameron

Governments need to build more privacy into legislation, technology vendors need to step up and compliance cops should crack down to push privacy-enhancing technologies out of the labs, says the European Union Agency for Network and Information Security (ENISA).

The agency has issued a report, Privacy and Data Protection by Design - from policy to engineering, in which it says privacy technologies other than encryption receive little attention. The document goes on to make the case for increased privacy by detailing an inventory of technologies and strategies it says will enhance privacy, while also detailing challenges to their implementation.

"We observed that privacy and data protection features are, on the whole, ignored by traditional engineering approaches when implementing the desired functionality," the team said.

"This ignorance is caused and supported by limitations of awareness and understanding of developers and data controllers as well as lacking tools to realise privacy by design.

"While the research community is very active and growing, and constantly improving existing and contributing further building blocks, it is only loosely interlinked with practice."

The worth of privacy technologies was demonstrated in labs but, with "few exceptions", encryption is not a standard component in system design.

Authors said compliance enforcement agencies within the European Union's regulatory privacy and data protection framework must include better incentives and "serious sanctions".

"System developers and service providers need clear incentives to apply privacy by design methods and offer privacy-friendly and legally compliant products and services ... but also to establish effective penalties for those who do not care or even obstruct privacy-friendly solutions," the authors wrote.

They said the notion of achieving a balance between privacy and security was false and should be spiked, as both goals were complementary and necessary.

The report came ahead of the EU's proposed General Data Protection Regulation, set to be enforceable by 2017, which could include fines against non-compliant companies of up to €1 million or two percent of annual worldwide turnover.

Key findings included:

  • Policy makers need to support the development of new incentive mechanisms for privacy-friendly services and need to promote them;
  • The research community needs to further investigate in privacy engineering, especially with a multidisciplinary approach. This process should be supported by research funding agencies;
  • The results of research need to be promoted by policy makers and media;
  • Providers of software development tools and the research community need to offer tools that enable the intuitive implementation of privacy properties;
  • Especially in publicly co-funded infrastructure projects, privacy-supporting components, such as key servers and anonymising relays, should be included;
  • Data protection authorities should play an important role providing independent guidance and assessing modules and tools for privacy engineering;
  • Legislators need to promote privacy and data protection in their norms;
  • Standardisation bodies need to include privacy considerations in the standardisation process;
  • Standards for interoperability of privacy features should be provided by standardisation bodies.

ENISA's recommendations are at odds with UK prime minister David Cameron's recently-stated intention to backdoor or ban encrypted communications. ®

 
