A European Perspective on Security and Privacy

Data privacy in Europe is subject to an intense debate, but also subject to cultural differences among the 27 European Member States. Central Regulations such as the European Data Protection Directive cannot completely level the playing field, as the Member States have to turn any such regulation into national law before it becomes effective and they are free to add their national requirements.  Occasionally, there might be a clash: The German implementation of the EU data retention regulation - meant to simplify law enforcement - went so far that it violated existing German laws and therefore was declared invalid. This resulted in the fact that currently in telecommunications and internet use in Germany there are no connection data retained at all.

Apart from the interesting question of creating inconsistency by national additions, this example shows that the handling of personal data requires special attention. The need to opt in to the use of personal data has created a flood of forms and tick boxes that are usually filled or acknowledged without reading by the unaware consumer, leading to a factual excavation of the idea that the use of the data shall be determined by the data owner.

Nevertheless, European Data Protection is strong, but the cultures are different: Video Surveillance of public places is installed in the UK very often, but would create a very uneasy feeling for people in Germany. Data retention and telecommunications interception are not easily sold as anti-terror tools to an Eastern European generation that still recalls the life behind the iron curtain, and while in Scandinavian taxis you might find video surveillance, this would be considered an intolerable privacy infringement by the Italians.

To come to a solid understanding of the European Citizen needs, the social perspective in data protection needs to be given a stronger role. The European Commission's Joint Research Center (JRC) has therefore started a multidimensional privacy approach that also addresses seemingly simple questions on awareness and behaviour: What additional effort do people take to protect their data and what incentive is needed to give the legally required consent in different situations? In the European cultural diversity, only this integrated research activity on privacy that comprises social sciences, technical matters, legal aspects and economic implications will enable us to strike the balance between security needs and privacy concerns of European Citizens.