  • Recommendations on European Data Protection Certification

    The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.

    Published on November 27, 2017
  • Recommendations on aligning research programme with policy

    The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and...

    Published on May 08, 2017
  • Annual Privacy Forum 2016

    In light of the data protection regulation and the European digital agenda, DG CONNECT, EDPS, ENISA and Goethe University Frankfurt organized APF 2016. APF 2016 was held on 7 and 8 September at Goethe University Frankfurt am Main, Germany.

    Published on March 09, 2017
  • Privacy Enhancing Technologies: Evolution and State of the Art

    This document provides recommendations on how to build and maintain an online community for PETs maturity assessments, which is assisted by ENISA’s tool. The presented community development approach seeks to guide developers and to empower...

    Published on March 09, 2017
  • Privacy and Security in Personal Data Clouds

    The main objective of this study is to identify the different architectures and components of Personal Data Clouds (PDCs) and discuss their privacy and security challenges. Based on an empirical analysis of various applications that fall under, or...

    Published on February 07, 2017
  • Guidelines for SMEs on the security of personal data processing

    ENISA undertook a study to support SMEs in adopting security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the...

    Published on January 27, 2017
  • PETs controls matrix - A systematic approach for assessing online and mobile privacy tools

    Following previous work in the field of privacy engineering, in 2016 ENISA defined the ‘PETs control matrix’, an assessment framework and tool for the systematic presentation and evaluation of online and mobile privacy tools for end users. The...

    Published on December 20, 2016
  • Readiness Analysis for the Adoption and Evolution of Privacy Enhancing Technologies

    This report aims at developing a methodology for comparing different Privacy Enhancing Technologies (PETs) with regard to their maturity, i.e., their technology readiness and their quality concerning the provided privacy notion. The report...

    Published on March 31, 2016
  • Privacy by design in big data

    The extensive collection and further processing of personal information in the context of big data analytics has given rise to serious privacy concerns, especially relating to wide scale electronic surveillance, profiling, and disclosure of private...

    Published on December 17, 2015
  • Online privacy tools for the general public

    ENISA has published a study in the area of PETs for the protection of online privacy (online privacy tools) with two main objectives: a) to define the current level of information and guidance that is provided to the general public and b) to provide...

    Published on December 17, 2015
  • Privacy and Data Protection by Design

    This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various...

    Published on January 12, 2015
  • Study on cryptographic protocols

    Cryptographic algorithms, when used in networks, are used within a cryptographic protocol. Even if the cryptographic primitives and schemes (discussed in the “Algorithms, key size and parameters” report of 2014, see link below) are deemed...

    Published on November 21, 2014
  • Algorithms, key size and parameters report 2014

    The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within...

    Published on November 21, 2014
  • Recommendations for a methodology of the assessment of severity of personal data breaches

    The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of the...

    Published on December 20, 2013
  • On the security, privacy and usability of online seals

    This report analyses the conditions under which online security and privacy seals (OSPS) can be deployed to support users to make an informed trust decision about Web services and their providers with respect to the provided security and privacy...

    Published on December 16, 2013
  • Securing personal data in the context of data retention

    Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention...

    Published on December 10, 2013
  • Security certification practice in the EU - Information Security Management Systems - A case study

    This report aims at providing input for the adoption of a framework on privacy certifications, as well as for eGovernment certification in Europe. There are numerous IT security certification schemes across the European Member States that can serve...

    Published on November 21, 2013
  • Recommended cryptographic measures - Securing personal data

    This document addresses the protection measures applied to safeguard sensitive and/or personal data, which has been acquired legitimately by a data controller. In this respect it discusses how information technology users, who have a basic knowledge...

    Published on November 04, 2013
  • Algorithms, Key Sizes and Parameters Report - 2013

    This document collates a series of recommendations for algorithms, key sizes, and parameters. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to...

    Published on October 29, 2013
  • Report on Annual Privacy Forum 2012

    The first Annual Privacy Forum (APF’12) was held in Limassol, Cyprus from 10–11 October 2012. The Forum was co-organised by the European Network and Information Security Agency (ENISA) and the European Commission Directorate General for...

    Published on December 12, 2012
  • The right to be forgotten - between expectations and practice

    The right to be forgotten is included in the proposed regulation on data protection published by the European Commission in January 2012. The regulation is still to be adopted by the European Parliament for entering into force. The different legal...

    Published on November 20, 2012
  • Privacy considerations of online behavioural tracking

    Internet users are being increasingly tracked and profiled and their personal data are extensively used as currency in exchange for services. It is important that this new reality is better understood by all stakeholders if we are to be able to...

    Published on November 14, 2012
  • Recommendations for technical implementation of Art.4

    In 2011 ENISA set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of...

    Published on May 04, 2012
  • Study on monetising privacy. An economic model for pricing personal information

    Do some individuals value their privacy enough to pay a mark-up to an online service provider who protects their information better? How is this related to personalisation of services? This study analyses the monetisation of privacy. ‘Monetizing...

    Published on February 28, 2012
  • Study on data collection and storage in the EU

    Given the clear contrast between the importance of the privacy by design principle on the one hand, and the reality of lax data protection practices with many online service providers on the other hand, the aim of this study is to present an...

    Published on February 23, 2012
  • Trust and Reputation Models

    Reputation systems are a key success factor of many websites, enabling users and customers to have a better understanding of the information, products and services being provided. However, by using reputation systems, individuals place themselves at...

    Published on December 20, 2011
  • The Use of Cryptographic Techniques in Europe

    With the increased use of e-Government services, the amount of citizens’ sensitive data being transmitted over public networks (e.g. the Internet) and stored within applications that are accessible from anywhere on the Internet has grown...

    Published on December 20, 2011
  • Privacy, Accountability and Trust – Challenges and Opportunities

    In the study, we focus on some of the available technologies and research results addressing privacy and data protection and topics related to, or influencing privacy, such as consent, accountability, trust, tracking and profiling. The objective is...

    Published on February 18, 2011
  • Bittersweet cookies. Some security and privacy considerations

    In this paper, we identify and briefly analyse some of the most common types of cookies in terms of security vulnerabilities and privacy concerns. The purpose of this paper is to highlight some of the security and privacy concerns generated by the...

    Published on February 02, 2011
  • Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments

    The study, using a survey, attempts to evaluate which mechanisms are currently deployed in available online services for accountability, consent, trust, security and privacy. While the findings of this survey cannot be easily extrapolated to all...

    Published on January 31, 2011
  • Data breach notifications in the EU

    The European data breach notification requirement for the electronic communication sector, introduced in the review of the ePrivacy Directive (2002/58/EC), is an important development with a potential to increase the level of data...

    Published on January 13, 2011
  • Smartphones: Information security risks, opportunities and recommendations for users

    The objective of this report is to allow an informed assessment of the information security and privacy risks of using smartphones. Most importantly, we make practical recommendations on how to address these risks. We assess and rank the most...

    Published on December 10, 2010
  • Web 2.0 Security and Privacy

    Along with the report, a survey was conducted of 1500 users from 3 European Countries to collect information on attitudes to Web 2.0 security issues. The main body of this report describes in detail these risks and others, based around a set of...

    Published on December 10, 2008
