lundi 17 juin 2013

EDPS: Cyber security is not an excuse to monitor citizens' data

Peter Hustinx issued his opinion on Commission's strategy on cyber security

Nerea Rial
17/06/2013 - 1:29pm
On 17 June, the European Data Protection Supervisor (EDPS) published his opinion on the EU's Cyber Security Strategy, following revelations about NSA's surveillance over citizens' private data.
According to EDPS Peter Hustinx, cyber security is not an excuse for the unlimited monitoring and analysis of the personal information of individuals.
Therefore, the "Cyber Security Strategy of the European Union: an Open, Safe and Secure Cyberspace", proposed by the European Commission in February 2013, has to make clear how data protection principlaes will be applied in practice to reinforce online security, he explained.
“We acknowledge that cyber security issues have to be addressed at an international level through international standards and cooperation. Nevertheless, if the EU wants to cooperate with other countries, including the USA, on cyber security, it must necessarily be on the basis of mutual trust and respect for fundamental rights, a foundation which currently appears compromised,” Hustinx explained.
The EDPS also highlighted that the Commission Communication is not taking into account the role of data protection law and of current EU proposals when promoting cyber security. Moreover, the strategy doesn't bears in mind privacy by design as a foundation for building trust. As a result, Commission's proposed document is not as effective and comprehensive as it intends to be, the supervisor concluded.
Analysis of some personal information might be required in order to, for instance, trace back specific individuals. However, the EDPS added on his opinion that national data protection authorities (DPAs) play an essential role in ensuring that a right level of security is applied to the processing of personal information.
DPAs should also raise awareness of national rules, as well as be notified of new operations carried out by organisations, including Europol and ENISA, if this involves processing personal data.
Although this is not reflected in the strategy, their role in contributing to cyber security must be acknowledged, the EDPS pointed out.

Aucun commentaire:

Enregistrer un commentaire