ENISA Annual Privacy Forum 2019
The General Data Protection Regulation (GDPR) has been a turning point for personal data protection measures in Europe and it complements the legal framework in force in the area of privacy in telecommunications. As the legal landscape shifts towards the implementation phase of the GDPR and the ongoing legislative scrutiny of the draft ePrivacy Regulation, challenges at hand call for a suitable response from policy makers.
On 13 and 14 June 2019, the EU Agency for Cybersecurity ENISA, the University of Rome Tor Vergata, the European Commission’s DG CONNECT and LUISS University have organised the 7th Annual Privacy Forum 2019 in Rome, Italy.
The Annual Privacy Forum (APF) has become a renowned forum for exchange among policy makers and implementers in the area of privacy and data protection. Over the last years the APF has received recognition across industry players, to complement its original research and policy orientation. In the advent of the publication of Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA, the Agency is seeking to contribute further to the area of personal data protection and privacy under its renewed mandate.
Prof. Dr. Udo Helmbrecht, Executive Director of ENISA, Mr. Giovanni Buttarelli, the European Data Protection Supervisor, and Mr. Peter Eberl representing DG Connect have delivered keynote speeches.
Other notable speakers at this year's edition of the ENISA’s APF include: Prof. Paola Severino (LUISS Guido Carli University), Mr. Giuseppe Busia (The Italian Data Protection Authority, Garante), Prof. Ross Anderson (Cambridge University) and UN Special Rapporteur on the Right to Privacy, Prof. Joe Cannataci.
During the 2-day event, discussions cover such areas as security measures in personal data protection, privacy by design, privacy by default, information and users' rights, artificial intelligence, certification in personal data protection, users' rights, IoT security and privacy, sharing cyber threat intelligence under the general data protection regulation, and the landscape of cybercrime.
The APF has been organised in a context where electronic communication networks and interconnected digital services have become ubiquitous as they have permeated every fold of everyday life. Automated profiling and electronic surveillance have become commodities.
ENISA Executive Director, Udo Helmbrecht stated that “the GDPR has provided a robust legal framework on data protection, which stipulates that security is a data protection principle. However with the substantial number of large-scale data breaches, there is a need for new security models for personal data protection. While the GDPR is a starting point for compliance and service, implementation remains an challenging affair. In terms of security measures, ENISA has been providing guidance, tools and community building for privacy and data protection over the years with the Annual Privacy Forum being one of its strongest instruments, thanks to the various communities engaged and the level of expertise involved. The new ENISA Regulation gives the Agency more latitude to engage with its public and private stakeholders alike.”
The European Data Protection Supervisor, Giovanni Buttarelli stated that “the EU has opened a new chapter not only for data protection but also for critical infrastructure security. In the EU, all DPAs, not just a few of them, need to work with ENISA and information security experts to implement 'security by design' - because cybersecurity no longer consists of a set of simply defensive measures.”
Professor Paola Severino from LUISS shared some of the challenges for privacy from the legal point of view. “The evolution of the digital world is a source of ever-growing new opportunities for business and scientific innovation, and yet it also increasingly exposes individuals and legal entities to a broad range of risks that would have been inconceivable just a few years ago. Given this context, in the field of personal data protection what has emerged is a need to address the increasing difficulty in protecting privacy against complex cyberattacks and pervasive new surveillance tools. This also calls for a rethinking of the legal instruments required to combat such a phenomenon, by enhancing prevention and normative compliance and by adapting criminal law in response to the new challenges posed by technological transformations.”
Finally, chair of this year’s Annual Privacy Forum, Maurizio Naldi gave the following information regarding the event, “the subject of privacy protection has gained an ever increasing attention over the years. Spurred by the search for improved privacy protection means, my research group on Cybersecurity and Data protection at the University of Rome Tor Vergata has investigated the design of innovative true anonymization algorithms (as opposed to pseudonymization). We employ signal processing techniques to preserve first- and second-order statistical accuracy in the response to database queries, but do not release any information concerning the specific individuals present in the database. Such methods represent a significant step forward in reconciling the quest for anonymization and data utility at the same time, which is a major issue in the current research on data protection.”
The draft Regulation on Privacy and Electronic Communications is expected to give new impetus to the way in which privacy is protected in electronic communications. To meet the challenge in the way personal data is processed and privacy is protected across the EU and beyond, requires examining the stakes at hand.
The next edition of the APF will take place in Lisbon, Portugal in June 2020, in co-operation with the Universidade Católica Portuguesa.
For more information, please visit the event’s website at www.privacyforum.eu.