PRESS RELEASE

Today, privacy and the protection of personal data are critical challenges in our modern society, as technology increasingly invades our everyday lives and becomes an integral part of what we do and, at times, of what we are. And yet, data protection laws and regulations seem obsolete or inadequate to address these new challenges. Therefore, ENISA established a Working Group on Privacy & Technology to analyse the gaps and the implications for the current EU legal framework in a report. The ENISA Working Group offers a set of 13 key recommendations. Samples of the 13 ENISA recommendations include:

* The European Commission and the Member States should encourage an incentive system connected to a certification scheme and an effective economic sanctions systems, as well as tax incentives. Industry is recommended to e.g., always analyse privacy risk through Privacy Impact Assessment methodologies, when defining their privacy and security policy.

* Online Subject Access: a "Cinderella" human right? The EU Data Protection framework gives strong legal rights for individuals to learn what companies know about them - the right of "data subject access". The implementation of this right is however not in pace with the online developments. ENISA and the Article 29 Working Party (WP) should therefore conduct a policy analysis on how to re-frame the legal right of subject access, to give individuals maximal data access at zero cost. * The EU Commission should introduce a comprehensive security breach notification law, to enable Data Protection Authorities (DPAs) and individuals to better identify, understand and react to incidents. * The European Commission should propose a legal instrument to identity the Best Available Techniques (BATs), to ensure effective auditing and certification of data collection by Industry and DPAs. * Identity Management. EU and national law and policy makers on should re-evaluate legitimacy and proportionality grounds for processing real names and additional personal data proven by digital certificates. * To confront the challenge in keeping personal data of citizens within the EU jurisdiction and to provide a new tool that would enable users to manage proximity and distance with others in the digital space, both in a legal and a social sense, it is recommended that the Art. 29 WP and the EU Commission explore the notions of Digital Territory, property and space, e.g. to extend the principle of legal sanctuary in real life to the digital world The Executive Director of ENISA, Mr. Andrea Pirotti commented on the Report: "The gap analysis between the existing regulations and incentives and the technological challenges of our modern society, underlines the need for original thinking, decisive actions, and to close the gaps if we are to retain and boost citizens' trust in Information Society." For full report with all 13 recommendations: http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_wg_report.pdf For further information: Ulf Bergstrom, Press and Communications Officer, ENISA, [cid:[email protected]] , Mobile: [cid:[email protected]] , or Barbara Daskala, Risk Management Expert at: [email protected].