Cyber security is not an excuse for the unlimited monitoring and analysis of the personal information of individuals, said the European Data Protection Supervisor (EDPS) after publication of his opinion on the EU’s strategy on cyber security.
While there is a welcome acknowledgement of the importance of data protection principles for a robust cyber security policy, the strategy is not clear on how these principles will be applied in practice to reinforce the security of individuals, industry, governments and other organisations.
Peter Hustinx, EDPS, said: “There is no security without privacy. So I am delighted that the EU strategy recognises that it is not a case of privacy versus cyber security but rather privacy and data protection are guiding principles for it. However, the ambitions of the strategy are not reflected in how it will be implemented. We acknowledge that cyber security issues have to be addressed at an international level through international standards and cooperation. Nevertheless, if the EU wants to cooperate with other countries, including the USA, on cyber security, it must necessarily be on the basis of mutual trust and respect for fundamental rights, a foundation which currently appears compromised.”
According to the EU, the overall aim of its strategy is to make the use of the internet and any network and information system connected to it, safer by enabling organisations in the EU countries to prevent and respond to cyber disruptions and attacks. The result would be to foster trust in individuals and organisations using the internet. However, the Commission Communication fails to take due account of the role of data protection law and of current EU proposals in promoting cyber security, such as the proposed Data Protection Regulation and the eTrust Regulation, among others. It also does not take into account the importance of factoring in protection at the inception of any system that contributes to cyber security – privacy by design – as a foundation for building trust. The result is that the strategy is not as effective and comprehensive as the Commission intends it to be.
For more visit – http://europa.eu/rapid/press-release_EDPS-13-6_en.htm?locale=en
