Commission Workshop on Privacy Enhancing Technologies

By EDRi · November 18, 2009

This article is also available in:
Deutsch: [Workshop der Kommission über datenschutzfreundliche Technologien | http://www.unwatched.org/node/1587]

The European Commission held a workshop on Privacy Enhancing Technologies
(PETs) on 12 November 2009. The event was supposed to be on the interim
report from London Economics on the economic impact of PETs but ended up by
being considerably broader.

Dirk Van Rooy (Head of Sector, Trust and Security) gave an overview of the
work that DG Information Society had done on privacy issues, also within the
context of the Framework Programmes. He drew attention to the European
Commission Communication covering eID infrastructure and explained that this
issue is being discussed currently with Member States and that further
initiatives are planned.

London Economics were asked to present their initial findings after only
four months of their nine month project – which was probably too early.
It appeared from their presentation that they have not yet found a
definition for PETs adapted to the specific context of this research. As a
result, several participants in the workshop challenged the consultants on
their approach.

In the second session, John Borking gave an overview of issues surrounding
the take-up of PETs by industry, explaining the positive and negative
elements leading to and mitigating against PETs usage. In essence, he
appeared to argue that the cost/benefit analysis needs to be rebalanced in
order to give industry a clearer view of the potential costs of, for
example, data leaks.

Ari Schwartz from the Center for Democracy and Technology made a brief
presentation of the history of P3P, describing what it does and does not do
and the overblown claims that were sometimes made about it. He provided a
very interesting quotation from Citibank on the issue:

“There is a concern that P3P would let ordinary users see, in full gory
detail, how their personal information might be misused by less trusted or
responsible web site operators. Such knowledge may cause users to resist
giving out information altogether.”

Yoram Hacohen from the Israeli DPA presented a project that he had been
involved with in a previous job, where the electoral roll was made available
on CD to political parties. The system had numerous, complex PETs that
worked well but, once the election was over, the competent national
authority failed to collect the CDs from the parties and the data ended up
by becoming public. He said that the next Data Protection Commissioners’
conference would take
place in Israel in 2010 where “privacy by design” and PETs would be
prioritised as topics.

Workshop on Economic Benefits of PETs (12.11.2009)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/workshop_economic_benefits_pets_12_11_09_en.pdf

White Paper: Platform for Privacy Preferences Project (P3P) & Citibank
http://www.w3.org/P3P/Lee_Speyer.html

EC Communication – A Strategy for ICT R&D and Innovation in Europe: Raising
the Game (13.03.2009)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0116:FIN:EN:PDF

(contribution by Joe McNamee – EDRi)