www.enisa.europa.eu
Trustworthy Infrastructure
for Personal Data Management
Udo Helmbrecht
Executive Director, ENISA
Digital Enlightenment Forum
Brussels, 19th September 2013
Virtual world and privacy
• Divergent approaches
– Personal data protection vs. data retention
• Difference of perception across countries/regions
– Privacy – human right in EU or consumer right in US
• A new currency: personal data
• Contradictory expectations and practice
– Privacy - fundamental human right in the EU
– Users concerned about privacy
• 93% of participants in ENISA study1
– Users willing to disclose more personal data for discounts
• up to 87% of participants, in some cases, for 0.5 € discount in the study
1 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/monetising-privacy
Data protection
• Fundamental human right in the EU2
• Legislation reform
• Current context very complex
Data retention1
• Legislation not transposed in all 27 MS
• Different interpretation
• Current context very complex
• Questionable practice / deployment
Technology
• Scalability
• Advances in ICT
• Different technologies, lack of level playing field
• Cost of deployment for secure solutions
• Pan-European approach for information
security needed
• Different technologies
• Cost of deployment for secure solutions
• Scalability of the solutions
• PETs still under development
• Deployment costs
• Scalability of the solutions
• ‘Blanket’ interception
• Deep packet inspection
Complex interactions
1 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF
2 http://www.europarl.europa.eu/charter/pdf/text_en.pdf
‘The right to be forgotten’ 1
between expectations and practice
• Included in the proposed regulation on “the
processing of personal data and on the free
movement of such data” published by the EC in Jan
2012.
• ENISA addressed the technical means of assisting
the enforcement of the right to be forgotten.
• A purely technical and comprehensive solution to
enforce the right in the open Internet is generally
not possible
• Technologies do exist that minimize the amount of
personal data collected and stored online
• Personal data is the new currency in the cyberspace!
1 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten
Notification about security breaches
in the EU legislation
Relevant notification articles
• Article 13a of the Framework Directive for electronic communication
• Article 4 of the e-Privacy Directive
• Article 15 of the Draft Regulation on e-identities
• Articles 30, 31 and 32 of the Draft General Data Protection Regulation
Commonalities and differences between notification articles
Framework Directive, E-Privacy Directive, e-ID Regulation, Data Protection Regulation
Source: EU Cyber Incident Reporting, ENISA 2012
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/cyber-incident-reporting-in-the-eu
Trust in the infrastructure
Gaps in supply chain
• Technical level
– For software – Trusted Computing
– No efficient methods to control HW components
• HW trojans, counterfeit elements, reverse engineering, side channel
attacks
• Physical analysis is complex, time consuming, costly
• Labelling/marking is subject to counterfeiting
• Risk analysis framework
– Product driven
– Based on financial risk
– No methods for dynamic real time systems
• Standardisation scheme
– Existing certification schemes not addressed for complex supply
chains
– Lack of efficient technical solutions does not allow for
implementation of controls
Towards secure infrastructure
for data processing
• The challenges extend beyond MS borders, hence…
– MSs and the EU need close collaboration with industry and
research
• A gap is observed between
– what is possible at technological level
– what is available at market place and proposed by policy makers
• Users are primarily interested in
– Convenience, ease of use
– Price (preferably free)
• Technical issues in implementation of data protection
mechanisms
– Right to be forgotten
– Minimal disclosure
– Portability of profiles
• The role of standardisation is still not clear
European Union Agency for Network and Information Security
Science and Technology Park of Crete
P.O. Box 1309
71001 Heraklion
Crete
Greece
Follow ENISA
http://www.enisa.europa.eu
