Oh please forget me!

Categories: IT Security

Oh please forget me!

Those of you who follow my blogs will know that in the past few months – probably in the last year, I have blogged about the proposed changes in the EU Data Protection Directive as announced by the EU Justice Commissioner Viviane Reding in January this year.

Initially there was outrage from a number of prominent groups about the proposed changes and now it seems ENISA (European Network and Information Security Agency) have voiced their concerns as well, and in a recent assessment published by ENISA the knives are out. It also seems that one of the biggest problems identified is to do with Big Data. So, here’s a question – If we take the proposed ‘right to be forgotten’ and add ‘Big Data’ to the mix what do we get? Big confusion!

EU citizens will have the “right to be forgotten” online. In the case of data they put online themselves; users would have the right to insist that the companies processing the data delete it. This proposal, sure to be popular among the general public, is just one among a long list of data privacy measures the EU wants to use to give Internet users more control over their own data. The U.S. government, Google and Facebook have already launched an offensive against the proposals deeming them unacceptable and that the regulations will hurt the economy and cost jobs.

The problem is what is considered ‘personal data’, whilst we all know the common definition of data that identifies an individual, what about data that has been aggregated from other sources? and correlated for statistical purposes? What if the information is held globally? Maybe that’s why the likes of Google and Facebook are so opposed to it. For example if I have a group photo posted on Facebook and want it deleted – who owns the photo and who has the right to delete it?

However, one of the biggest problems with it is that it will take away one of the most effective tools we have towards fighting crime and keeping our systems and our world safe.

There has to be balance between protecting the rights of individuals and being able to continue doing business and keep us safe. After all, security is something which should give us the assurance and confidence to do business and not be a hindrance. Hopefully, all this opposition will make the EU rethink how the ‘Right to be Forgotten’ will be implemented or maybe they will forget the whole thing!

Rashmi Knowles
Author:

Rashmi is Chief Security Architect at RSA, The Security Division on EMC. In her role Rashmi is responsible for Technology and Compliance Solutions for the EMEA region. Her current responsibilities include working with customers in a Trusted Advisor role, Thought Leadership for emerging technologies and key spokesperson in the region for RSA’s Virtualisation and Cloud strategy and Compliance Solutions and a subject matter expert on Data Loss Prevention and Encryption Solutions. Rashmi has over twenty years experience in data communications, mobile communications and has focussed on Information Security for the last 15 years. Rashmi holds a degree in Computer Science from the De Montfort University and a Post Graduate in Computer Studies from the University of the South Bank, London. Subscribe to Rashmi's RSS feed