The Parliamentary Assembly of the Council of Europe’s Committee on Legal Affairs and Human Rights has released a report criticising state surveillance and the collection of personal data by corporate interests.
In its newly released mass surveillance report, the Committee says that the Assembly is “deeply worried about threats to internet security by the practice of certain intelligence agencies… which could easily be exploited also by terrorists and cyber-terrorists or other criminals” and that it “is also worried by the collection of massive amounts of personal data by private businesses and the risks that these data may be accessed and used for unlawful purposes by state or non-state actors.”
Interestingly for David Cameron, who has been calling for an end to end-to-end encryption, “the Assembly strongly endorses… the European Parliament’s call to promote the wide use of encryption and resist any attempts to weaken encryption and other internet safety standards, not only in the interests of privacy, but also in the interests of threats against national security posed by rogue states, terrorists, cyber-terrorists and ordinary criminals.”
The Assembly calls for:
- Personal information to be collected only with the consent of the data subject, or following a court order when there is “reasonable suspicion” of the data subject’s being involved in criminal activity.
- “All institutions and businesses holding personal data [to] apply the most effective security measures available.”
- Stronger “judicial and/or parliamentary mechanisms” to control the intelligence services.
- A “multilateral ‘intelligence Codex’” for the intelligence services to control state surveillance.
The Guardian reports that “Governments are free to implement or ignore the recommendations. However, if they reject them they have to explain why.”
You can read the whole report here.
With new laws governing cyber security across the EU – the Networking and Information Security (NIS) Directive and the General Data Protection Regulation (GDPR) – due to be formally approved this year and enforced from 2017, organisations throughout the Union will soon have a raft of new data security obligations. If the Parliamentary Assembly’s recommendations are also enforced, there will be even more stringent controls on the collection, processing and storage of personal information in the EU.
Organisations that are concerned about the security of the information they hold and that want to prepare for forthcoming legislation are advised to implement an information security management system (ISMS), as set out in the international best-practice standard ISO 27001.
An ISMS will allow any organisation to fulfil its legal obligations by employing international best practice. IT Governance’s ISO 27001 Packaged Solutions provide implementation resources and implementation guidance suitable for all European organisations at a fixed price.