Search results

252 items matching your search terms.
Report/Study Algorithms, Key Sizes and Parameters Report - 2013
This document collates a series of recommendations for algorithms, key sizes, and parameters. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to protect personal and sensitive data of the citizens. The document tries to address the need for continuation of the reports published by ECRYPT NoE and also the requirements for cryptographic protective measures applicable to the notification of personal data breaches. This report complements another study published by ENISA that provides an easy to read and understand context for non-specialized parties.
Located in Publications
Report/Study Privacy by design in big data
The extensive collection and further processing of personal information in the context of big data analytics has given rise to serious privacy concerns, especially relating to wide scale electronic surveillance, profiling, and disclosure of private data. In order to allow for all the benefits of analytics without invading individuals’ private sphere, it is of utmost importance to draw the limits of big data processing and integrate the appropriate data protection safeguards in the core of the analytics value chain. ENISA, with the current report, aims at supporting this approach, taking the position that, with respect to the underlying legal obligations, the challenges of technology (for big data) should be addressed by the opportunities of technology (for privacy).
Located in Publications
Report/Study Study on data collection and storage in the EU
Given the clear contrast between the importance of the privacy by design principle on the one hand, and the reality of lax data protection practices with many online service providers on the other hand, the aim of this study is to present an analysis of the relevant legal framework of European Member States on the principles of minimal disclosure and the minimum duration of the storage of personal data. The study is not intended to go too deep into the details of the legal complexities of the data protection legislation. It rather focuses on a limited number of relevant use cases and tries to find out how the aforementioned principles are expressed in concrete legal or regulatory provisions applicable to these cases, and how they are observed in practice.
Located in Publications
Report/Study Recommendations for a methodology of the assessment of severity of personal data breaches
The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of the Art. 4 of the ePrivacy Directive, which included recommendations on how to plan and prepare for data breaches, how to detect and assess them, how to notify individuals and competent authorities and how to respond to data breaches. A proposal of a methodology for personal data breach severity assessment was also included as an annex to the above-mentioned recommendations, which was, however, not considered mature enough to be used at national level by the different Data Protection Authorities. Against this background, the Data Protection Authorities of Greece and Germany in collaboration with ENISA developed, based on the above mentioned work, an updated methodology for data breach severity assessment that could be used both by DPAs as well as data controllers. This working document is a first result of the co-operation between experts of the two DPAs and ENISA. It is planned to further develop the methodology with the aim to generate a final practical tool for a data breach severity assessment.
Located in Publications
Report/Study Data breach notifications in the EU
The introduction of a European data breach notification requirement for the electronic communication sector introduced in the review of the ePrivacy Directive (2002/58/EC) is an important development with a potential to increase the level of data security in Europe and foster reassurance amongst citizens on how their personal data is being secured and protected by electronic communication sector operators. Against this background, ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.
Located in Publications
Report/Study Study on monetising privacy. An economic model for pricing personal information
Do some individuals value their privacy enough to pay a mark-up to an online service provider who protects their information better? How is this related to personalisation of services? This study analyses the monetisation of privacy. ‘Monetizing privacy’ refers to a consumer’s decision of disclosure or non-disclosure of personal data in relation to a purchase transaction. The main goal of this report is to enable a better understanding of the interaction of personalisation, privacy concerns and competition between online service providers. Consumers benefit from personalisation of products on the one hand, but might be locked in to services on the other. Moreover, personalisation also bears a privacy risk, i.e. that data may be compromised once disclosed to a service provider. Privacy is a human right; thinking about the economics of privacy does not change this basic fact. The authors of this report consider an economic analysis of privacy as complementary to the legal analysis as it improves our understanding of human decision-making with respect to personal data.
Located in Publications
Report/Study Privacy, Accountability and Trust – Challenges and Opportunities
In the study, we focus on some of the available technologies and research results addressing privacy and data protection and topics related to, or influencing privacy, such as consent, accountability, trust, tracking and profiling. The objective is to provide a comprehensive and realistic view of both limitations generated and possibilities provided by technologies in the case of personal data protection rights.
Located in Publications
Report/Study Readiness Analysis for the Adoption and Evolution of Privacy Enhancing Technologies
This report aims at developing a methodology for comparing different Privacy Enhancing Technologies (PETs) with regard to their maturity, i.e., their technology readiness and their quality concerning the provided privacy notion. The report firstly sketches a methodology for gathering expert opinions and measurable indicators as evidence for a two-dimensional rating scale. Secondly, this report reviews two pilots to test the proposed scales and methodology. The results of these pilots are presented in this study. Finally, a list of necessary steps towards a PET maturity repository is made available.
Located in Publications
Report/Study Governance framework for European standardisation
In response to the European Union’s Cybersecurity Strategy, the CSCG has published a White Paper with recommendations on digital security. The CSCG’s recommendations underline the importance of Cybersecurity standardisation to complete the European internal market and to raise the level of Cybersecurity in Europe in general. CSCG Recommendation #1 proposes a review of the current governance framework. This document analyses the good practices within the governance framework of the European Union and proposes recommendations for stakeholders. It has been written by CSCG and ENISA experts as a response to the Recommendation #1 and forms a logical entity together with the response to the CSCG Recommendation #2, Definition of Cybersecurity – Gaps and overlaps in standardisation, published by ENISA at the same time.
Located in Publications
Report/Study Privacy and Data Protection by Design
This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services.
Located in Publications
