Key recommendations include:
Granting individuals the legal right to have access to information companies have collected about them.
A call for a comprehensive security breach notification law.
A call for the legal instruments necessary to to identify the best available techniques for auditing data collection.
Perhaps most interesting -- and, I think, most challenging -- is the report's recommendation that tools be created aimed at "keeping personal data of citizens within the EU jurisdiction" and to "manage proximity and distance with others in the digital space, both in a legal and a social sense."
Whether or not the larger ambitions and undertakings raised by the report are achievable -- or, depending on your own perspective, worthwhile -- the scope and level of consideration here is well worth a look.
Be interesting to know if any of our own politicians and officials are looking as well. (You can bet that plenty of corporate lawyers are.)
The entire ENISA report is here.