ENISA publishes today, 12th January 2015, a cutting edge report on Privacy and Data Protection by Design - from policy to engineering. The report aims to bridge the gap between the legal framework and the available technological implementation measures. It provides an inventory of the existing approaches and privacy design strategies, and the technical building blocks of various degree of maturity from research and development. Limitations and inherent constraints are presented with recommendations for their mitigation.
The study, targeted at data protection authorities, policy makers, regulaltors, engineers and researchers, offers an insight into the technological aspect of the current state of the art. It presents the challenges and limitations of by-design principles for privacy and data protection, acts as a reference guide, and intends to improve the effectiveness of future policy in the area.
The main challenges identified in the report are two fold:
- Existing policy doesn’t offer a guarantee for compliance with privacy by design. New policy should give incentives for adopting privacy by design.
- New standards for electronic communication need to consider privacy and data protection, while privacy and data protection-ignorant standards should be out-phased.
Furthermore, privacy by design needs to be linked with the practice taking usability into account.
For the full report: Privacy and Data Protection by Design - from policy to engineering
Background:
Privacy constitutes a core value of individuals and democratic societies. Decades of debate have gone into the manner of embedding these values and legal obligations into systems, preferably from the beginning of the design process. The term “Privacy by Design”, or “Data Protection by Design” refer exactly to this. Although the concept has found its way into legislation, e.g., the proposed European General Data Protection Regulation, its concrete implementation remains presently unclear.