EU Agency ENISA presents a grid of policy & legal challenges with 13 recommendations

Tax break incentives, online subject access at zero cost, and comprehensive security breach notification law among 13 recommendations proposed in a report on privacy & technology launched by the EU Agency ENISA.
Today, privacy and the protection of personal data are critical challenges in our modern society, as technology increasingly invades our everyday lives and becomes an integral part of what we do and, at times, of what we are. And yet, data protection laws and regulations seem obsolete or inadequate to address these new challenges. Therefore, ENISA established a Working Group on Privacy & Technology to analyse the gaps and the implications for the current EU legal framework in a report. The ENISA Working Group offers a set of 13 key recommendations. Samples of the 13 ENISA recommendations include:
- The European Commission and the Member States should encourage an incentive system connected to a certification scheme and an effective economic sanctions system, as well as tax incentives. Industry is recommended, for example, always to analyse privacy risk through Privacy Impact Assessment methodologies when defining its privacy and security policy.
- Online Subject Access: a “Cinderella” human right? The EU Data Protection framework gives strong legal rights for individuals to learn what companies know about them – the right of “data subject access”. The implementation of this right is, however, not keeping pace with online developments. ENISA and the Article 29 Working Party (WP) should therefore conduct a policy analysis on how to re-frame the legal right of subject access, to give individuals maximal data access at zero cost.
- The EU Commission should introduce a comprehensive security breach notification law, to enable Data Protection Authorities (DPAs) and individuals to better identify, understand and react to incidents.
- The European Commission should propose a legal instrument to identify the Best Available Techniques (BATs), to ensure effective auditing and certification of data collection by Industry and DPAs.
- Identity Management. EU and national law and policy makers should re-evaluate legitimacy and proportionality grounds for processing real names and additional personal data proven by digital certificates.
- To confront the challenge of keeping personal data of citizens within the EU jurisdiction and to provide a new tool that would enable users to manage proximity and distance with others in the digital space, both in a legal and a social sense, it is recommended that the Art. 29 WP and the EU Commission explore the notions of Digital Territory, property and space, e.g. to extend the principle of legal sanctuary in real life to the digital world.
The Agency commented on the Report:
“The gap analysis between the existing regulations and incentives and the technological challenges of our modern society, underlines the need for original thinking, decisive actions, and to close the gaps if we are to retain and boost citizens’ trust in Information Society.”