Identity, Privacy and Trust

Our Work Areas


Identity and trust team supports European Commission on the implementation of the Digital Agenda for Europe, in the reform and implementation of couple of policy documents. For instance, ENISA supports EC in its efforts to guide National Regulatory Agencies (NRAs) in the implementation of article 4 of the ePrivacy Directive and is consulting with stakeholders on the development of an integrated approach for secure services supporting data protection. The team summarises information for the MSs and European Commission in the form of recommendations. It also contributes to EC’s policy and strategic initiatives and monitors those actions and recommendations are properly addressed by the stakeholders.


Our overall objectives are:

  • Identify results to be used in awareness raising activities such as trainings, media campaigns targeting specific audiences;
  • Investigate the discrepancies between legal fundamental rights expectation and the practice in online services with regard to the principle of minimal disclosure and the “right to be forgotten”;
  • Increase the trust in the online services and the infrastructure supporting them;
  • Support the implementation of a pan European of Trust-marks (seals) in line with the EC's actions in this field with focus in specific areas of application (e-government services, etc.).


The ultimate goal is to better inform users and customers about the evolvements in the digital world, keeping a global perspective and accounting the context beyond EU MSs in borderless Internet.


Our main priorities are:

  • Consumer information and protection, including personal data protection according to the revised data protection acquisition;
  • Payments and delivery systems by supporting mutual recognition of electronic identification and authentication on electronic signatures and by developing a strategy for “increasing the level of security of payments and data protection”;
  • Abuses and disputes by also focusing on strengthening security and data protection, ensuring that the internet security mechanisms are in place and are able to cope effectively with cyber-attacks and technical failures.

Work areas where we are active:

Risks and Data BreachesData Protection_new

We live in a fast changing world, new information technologies and applications chance our society daily. Although these technologies make our lives easier, at the same time they generate new privacy and security challenges. It is important to identify risks and to provide recommendations to reduce threats. However, data breaches do occur. Hence, it is essential to provide a notification framework.


Privacy and TrustData Protection

Privacy, freedom of expression and freedom of information are considered as fundamental human rights and they are anchored within the EU legal framework. However certain aspects of protection of personal data are difficult to address and implement entirely. We study the challenges our society faces in this area.


eIDPrivacy and Trust

The aim of the European Directive 1999/93/EC on a community framework for electronic signatures was the legal recognition of electronic signatures. ENISA has been active in the field of electronic identities since 2008 and has published a number of reports on security and interoperability of existing and future eID schemes.