Browse archive

Latest news

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

A closer look at Mega cloud storage

CISOs need to engage with the board

Wi-Fi client security weaknesses still prevalent

"NATO vacancies" phishing email also leads to malware

Find TrueCrypt and BitLocker encrypted containers and images

Sourcefire goes beyond the sandbox

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Over 45% of IT pros snitch on their colleagues

Hacking charge stations for electric cars

Privacy compliance laws: Why the European Commission finally got it right

by Marc Vael - International vice president of ISACA - Monday, 29 October 2012.

The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the interference in privacy of a European bureaucracy.

The recent European Commission cookie law guidelines not only reignited controversy about privacy compliance in Europe and prompted furious debates in the trade press, quality press and tabloids, but also ignited considerable international interest.

This article concentrates on examining the stances which have been taken, their validity and, more importantly, what an enterprise needs to be doing as it turns from merely talking shop to setting and implementing concrete policies on privacy.

What tended to be ignored in the early days of the European Commission's proposals was that the cookies rule was just a small part of a law aimed at safeguarding privacy online and an attempt to protect Internet users from an increasingly aggressive, intrusive and pervasive corporate marketing machine. These are real concerns which have been growing for a number of years and which the European Commission sought to address in its rulings.

It is ironic that the European Commission takes considerable flak for ‘creating’ initiatives when usually it is responding to pressure from below. It was the relative failure of the European Commission's 2003 directive that led to the cookie law.

As international competition begins to heat up and the rapidly emerging markets of India, China and Brazil force companies into become more aggressive in their search for international markets, organisations providing content and obtaining information about users are utilising even more sophisticated and invasive techniques which many people are becoming alarmed about.

The ultimate aim is to protect user privacy to ensure that consent is given for all Internet marketing and a tidal wave of spam is averted. This is a laudable aim and one which should be supported. It should also be pointed out that these are merely a set of proposals—albeit a fairly comprehensive set—of reforms to the EU's 1995 data protection rules to “…strengthen online privacy rights and boost Europe's digital economy,” according to the EU's web site.

The site adds, “Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.”