  • Post-Quantum Cryptography: Current state and quantum mitigation

    This study provides an overview of the current state of affairs on the standardization process of Post-Quantum Cryptography (PQC). It presents the 5 main families of PQ algorithms; viz. code-based, isogeny-based, hash-based, lattice-based and...

    Published on May 03, 2021
  • Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies

    This report aims to increase the understanding of blockchain technologies. It aims to explain the underlying technical concepts and how they relate to each other. The goal is to explain the components, and illustrate their use by pointing to...

    Published on February 09, 2021
  • Data Pseudonymisation: Advanced Techniques and Use Cases

    This report, building on the basic pseudonymisation techniques, examines advanced solutions for more complex scenarios that can be based on asymmetric encryption, ring signatures and group pseudonyms, chaining mode, pseudonyms based on multiple...

    Published on January 28, 2021
  • Pseudonymisation techniques and best practices

    This report explores further the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice. Starting from a number of pseudonymisation scenarios, the report defines first the main actors that can...

    Published on December 03, 2019
  • Stock taking of security requirements set by different legal frameworks on OES and DSPs

    In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified...

    Published on November 15, 2019
  • Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

    One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as...

    Published on March 14, 2019
  • ENISA’s PETs Maturity Assessment Repository

    The present report aims at detailing the outcomes of the project that aimed to promote the ENISA’s PETs repository (and underlying PETs maturity assessment methodology) by 1) Engaging the privacy community into its use, and 2) Providing a plan for...

    Published on January 31, 2019
  • Reinforcing trust and security in the area of electronic communications and online services

    This study provides an overview of well-established security practices, for the purpose of sketching the notion of “state-of-the-art” in a number of categories of measures, as they are listed in ENISA’s guidelines for SMEs on the security of...

    Published on January 28, 2019
  • Recommendations on shaping technology according to GDPR provisions - Exploring the notion of data protection by default

    This report aims to shed some light on what the data-protection-by-default principle means in information technology design, what is the situation today, as well as how the new GDPR obligation could support controllers in selecting...

    Published on January 28, 2019
  • Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation

    The scope of this report is to explore the concept of pseudonymisation alongside different pseudonymisation techniques and their possible implementation. The report is part of ENISA's work in the area of privacy and data protection, which focuses on...

    Published on January 28, 2019
  • A tool on Privacy Enhancing Technologies (PETs) knowledge management and maturity assessment

    This report accompanies the second release of the PETs assessment tool and provides a brief overview of its main functionalities, as well as its challenges and proposed dissemination activities for further enhancement and adoption.

    Published on March 07, 2018
  • Handbook on Security of Personal Data Processing

    The overall scope of the report is to provide practical demonstrations and interpretation of the methodological steps of the ENISA’s 2016 guidelines for SMEs on the security of personal data processing. This is performed through specific use cases...

    Published on January 29, 2018
  • Privacy and data protection in mobile applications

    The scope of the report is to provide a meta-study on privacy and data protection in mobile apps by analysing the features of the app development environment that impact privacy and security, as well as defining relevant best-practices, open issues...

    Published on January 29, 2018
  • Annual Privacy Forum 2017

    ENISA's Annual Privacy Forum 2017 encouraged dialogue with panel discussions and provided room for exchange of ideas in between scientific sessions. The two-day conference was well attended by more than 100 participants in addition to more than 70...

    Published on January 09, 2018
  • QWACs Plugin

    Proof of concept browser plugin to support the two-step verification of qualified certificates for web-site authentication

    Published on January 08, 2018
  • Recommendations on European Data Protection Certification

    The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.

    Published on November 27, 2017
  • Recommendations on aligning research programme with policy

    The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and...

    Published on May 08, 2017
  • Annual Privacy Forum 2016

    In light of the data protection regulation and the European digital agenda, DG CONNECT, EDPS, ENISA and Goethe University Frankfurt organized APF 2016. APF 2016 was held 7 & 8 September at Goethe University Frankfurt am Main, Germany.

    Published on March 09, 2017
  • Privacy Enhancing Technologies: Evolution and State of the Art

    This document provides recommendations on how to build and maintain an online community for PETs maturity assessments, which is assisted by ENISA’s tool. The presented community development approach seeks to guide developers and to empower...

    Published on March 09, 2017
  • Privacy and Security in Personal Data Clouds

    The main objective of this study is to identify the different architectures and components of Personal Data Clouds (PDCs) and discuss their privacy and security challenges. Based on an empirical analysis of various applications that fall under, or...

    Published on February 07, 2017
  • Guidelines for SMEs on the security of personal data processing

    ENISA undertook a study to support SMEs on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the...

    Published on January 27, 2017
  • PETs controls matrix - A systematic approach for assessing online and mobile privacy tools

    Following previous work in the field of privacy engineering, in 2016 ENISA defined the ‘PETs control matrix’, an assessment framework and tool for the systematic presentation and evaluation of online and mobile privacy tools for end users. The term...

    Published on December 20, 2016
  • Readiness Analysis for the Adoption and Evolution of Privacy Enhancing Technologies

    This report aims at developing a methodology that allows to compare different Privacy Enhancing Technologies (PETs) with regard to their maturity, i.e., their technology readiness and their quality concerning the provided privacy notion. The report...

    Published on March 31, 2016
  • Privacy by design in big data

    The extensive collection and further processing of personal information in the context of big data analytics has given rise to serious privacy concerns, especially relating to wide scale electronic surveillance, profiling, and disclosure of private...

    Published on December 17, 2015
  • Online privacy tools for the general public

    ENISA has published a study in the area of PETs for the protection of online privacy (online privacy tools) with two main objectives: a) to define the current level of information and guidance that is provided to the general public and b) to provide...

    Published on December 17, 2015
  • Privacy and Data Protection by Design

    This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various...

    Published on January 12, 2015
  • Study on cryptographic protocols

    Cryptographic algorithms, when used in networks, are used within a cryptographic protocol. Even if the cryptographic primitives and schemes (discussed in the “Algorithms, key size and parameters” report of 2014, see link below) are deemed secure...

    Published on November 21, 2014
  • Algorithms, key size and parameters report 2014

    The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within...

    Published on November 21, 2014
  • Recommendations for a methodology of the assessment of severity of personal data breaches

    The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of the...

    Published on December 20, 2013
  • On the security, privacy and usability of online seals

    This report analyses the conditions under which online security and privacy seals (OSPS) can be deployed to support users to make an informed trust decision about Web services and their providers with respect to the provided security and privacy...

    Published on December 16, 2013
  • Securing personal data in the context of data retention

    Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention...

    Published on December 10, 2013
  • Security certification practice in the EU - Information Security Management Systems - A case study

    This report aims at providing input for the adoption of a framework on privacy certifications, as well as for eGovernment certification in Europe. There are numerous IT security certification schemes across the European Member States that can serve...

    Published on November 21, 2013
  • Recommended cryptographic measures - Securing personal data

    This document addresses the protection measures applied to safeguard sensitive and/or personal data, which has been acquired legitimately by a data controller. In this respect it discusses how information technology users, who have a basic knowledge...

    Published on November 04, 2013
  • Algorithms, Key Sizes and Parameters Report - 2013

    This document collates a series of recommendations for algorithms, keysizes, and parameter recommendations. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to...

    Published on October 29, 2013
  • Report on Annual Privacy Forum 2012

    The first Annual Privacy Forum (APF’12) was held in Limassol, Cyprus from 10–11 October 2012. The Forum was co-organised by the European Network and Information Security Agency (ENISA) and the European Commission Directorate General for...

    Published on December 12, 2012
  • The right to be forgotten - between expectations and practice

    The right to be forgotten is included in the proposed regulation on data protection published by the European Commission in January 2012. The regulation is still to be adopted by the European Parliament for entering into force. The different legal...

    Published on November 20, 2012
  • Privacy considerations of online behavioural tracking

    Internet users are being increasingly tracked and profiled and their personal data are extensively used as currency in exchange for services. It is important that this new reality is better understood by all stakeholders if we are to be able to...

    Published on November 14, 2012
  • Recommendations for technical implementation of Art.4

    In 2011 ENISA set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of...

    Published on May 04, 2012
  • Study on monetising privacy. An economic model for pricing personal information

    Do some individuals value their privacy enough to pay a mark-up to an online service provider who protects their information better? How is this related to personalisation of services? This study analyses the monetisation of privacy. ‘Monetizing...

    Published on February 28, 2012
  • Study on data collection and storage in the EU

    Given the clear contrast between the importance of the privacy by design principle on the one hand, and the reality of lax data protection practices with many online service providers on the other hand, the aim of this study is to present an...

    Published on February 23, 2012
  • Trust and Reputation Models

    Reputation systems are a key success factor of many websites, enabling users and customers to have a better understanding of the information, products and services being provided. However, by using reputation systems, individuals place themselves at...

    Published on December 20, 2011
  • The Use of Cryptographic Techniques in Europe

    With the increased use of e-Government services, the amount of citizens’ sensitive data being transmitted over public networks (e.g. the Internet) and stored within applications that are accessible from anywhere on the Internet has grown...

    Published on December 20, 2011
  • Privacy, Accountability and Trust – Challenges and Opportunities

    In the study, we focus on some of the available technologies and research results addressing privacy and data protection and topics related to, or influencing privacy, such as consent, accountability, trust, tracking and profiling. The objective is...

    Published on February 18, 2011
  • Bittersweet cookies. Some security and privacy considerations

    In this paper, we identify and briefly analyse some of the most common types of cookies in terms of security vulnerabilities and privacy concerns. The purpose of this paper is to highlight some of the security and privacy concerns generated by the...

    Published on February 02, 2011
  • Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments

    The study, using a survey, attempts to evaluate which are currently the mechanisms deployed in available online services for accountability, consent, trust, security and privacy. While the finding of this survey cannot be easily extrapolated to all...

    Published on January 31, 2011
  • Data breach notifications in the EU

    The introduction of a European data breach notification requirement for the electronic communication sector introduced in the review of the ePrivacy Directive (2002/58/EC) is an important development with a potential to increase the level of data...

    Published on January 13, 2011
  • Smartphones: Information security risks, opportunities and recommendations for users

    The objective of this report is to allow an informed assessment of the information security and privacy risks of using smartphones. Most importantly, we make practical recommendations on how to address these risks. We assess and rank the most...

    Published on December 10, 2010
  • Web 2.0 Security and Privacy

    Along with the report, a survey was conducted of 1500 users from 3 European Countries to collect information on attitudes to Web 2.0 security issues. The main body of this report describes in detail these risks and others, based around a set of...

    Published on December 10, 2008
