Personal data in the public eye

EU member states may reach an agreement on data protection reform before the end of the year, with data protection being among the top declared priorities of EU legislators. Just recently, on January 28, the world marked International Data Protection Day. Meanwhile, the average European is still worried about how or where their personal information may be used behind their back.

[restrict]

By Otilia Haraga

The value of European Union citizens’ data was EUR 315 billion in 2011 and has the potential to grow to nearly EUR 1 trillion in 2020, according to the Boston Consulting Group, quoted by EC officials. Data protection reform will help the Digital Single Market realize this potential. The benefits of simplification via this reform are estimated at EUR 2.3 billion per year.

Reform is also expected to bring consistency. While at present, a company processing data in the EU has to deal with 28 national laws, the Data Protection Regulation will be a single, Europe-wide law governing the field, says the EC.

“Data protection in the European Union is a fundamental right. Europe already has the highest level of data protection in the world. With the reform, which was proposed exactly two years ago – in January 2012 – Europe has the chance to make these rules a global gold standard. The rules will benefit citizens who want to be able to trust online services, and the small and medium-sized businesses looking at a single market of more than 500 million consumers as an untapped opportunity. The European Parliament has led the way by voting overwhelmingly in favor of these rules. I hope to see full speed on data protection in 2014,” said Viviane Reding, vice-president and the EU’s Justice Commissioner, ahead of International Data Protection Day.

However, the conclusions of the Flash Eurobarometer 359: Attitudes on Data Protection and Electronic Identity in the European Union dated June 2011 are not so optimistic.

It found that 74 percent of Europeans see disclosing personal information as an increasing part of modern life. By contrast, only 47 percent of Romanians believe that. Also, 47 percent of Romanians say the government is asking them for more and more personal information, as opposed to 64 percent of Europeans.

Furthermore, 58 percent of Europeans believe there is no alternative than to disclose personal information if one wants to obtain products or services, as opposed to 33 percent of Romanians.

Seven out of ten Europeans are concerned about the potential use that companies may make of the information they disclose. When asked what type of regulation should be introduced to prevent companies from using people’s personal data without their knowledge, most Europeans think that firms should be fined (51 percent), banned from using such data in the future (40 percent), or compelled to compensate the victims (39 percent).

Less than one third of Europeans trust phone companies, mobile phone operators and internet service providers, and just over one fifth trust internet companies such as search engines, social networking sites and e-mail services.

In Romania, 61 percent of Romanians are “totally concerned” that companies holding information about them may sometimes use it for a different purpose than what it was collected for without informing them, 29 percent are “totally unconcerned”, while 10 percent of Romanians responded “don’t know”.

By comparison, concern runs the highest among UK and Irish citizens at 80 percent, and the French at 79 percent, while Swedes and Estonians are more relaxed, with only 37 percent and 51 percent voicing worries about the way companies are using their information.

But, to know how to guard against data misuse or theft, an internet user should first know how details are collected.

Adrian Porcescu, technical consultant & trainer at Kaspersky Lab, says that there are two ways to collect data. The first involves the owner’s consent or action – including the accessing, storage or transport of private data through platforms and applications that later use this information for other ends than those declared. This includes websites or phishing messages that convince users to divulge personal data on a PC or mobile, for example requiring the right to access personal data upon installation.

The second category is data collection methods that work without the owner’s action or consent. The data is collected via malware installed on devices and systems where data is stored, through which they are accessed and transmitted – either by exploiting software vulnerabilities caused by the lack of updates, or by social engineering or identifying access data (the username and password), as they are not complex enough, or even the physical theft of devices where this data is stored and accessed.

“Data you give away voluntarily means data disclosed on the internet. If we refer to data that is transmitted automatically, mobile applications would probably be susceptible to collecting personal data, including on the user’s location,” says Bogdan Manolea, executive director at the Association for Technology and Internet (ApTI) and founder of the blog http://legi-internet.ro/. “It depends on the aim of the attackers and what they wish to do with their findings. But the most ’profitable’ is probably financial data or that which can bring an immediate financial gain – identification data and data cards. Depending on the case and the type of collected data, they can be used for mass advertising, petty fraud, identity theft, or even to steal the user’s money,” Manolea tells BR.

Given the multiple ways in which data can be misused, it is often very difficult to identify on tine that data has been compromised, explains Porcescu.

“One realizes one’s personal information has been compromised when one no longer has access to online accounts – as cyber-criminals reset the login data – but also when money disappears from a bank account. Where users notice that one single account – for instance e-mail, or a social network account – has been hacked, the best thing is to make sure all the other accounts are protected by re-setting all passwords and making them more complex,” he advises.

If a person smells a rat, they would be well-advised to file a complaint at the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro), under Law 677/2001, recommends Manolea.

According to the Eurobarometer 359, only one third of Europeans are aware of the existence of a national public authority responsible for protecting their rights regarding personal data.

“The number of complaints filed at the authority, I believe, was around 800 last year,” Manolea tells BR. There is also the option to file actions under the Civil Code or the Criminal Code, he adds.

However, to avoid getting to that point, there are certain ‘golden rules’ for anyone who goes online.

“The most important step for internet users to protect their personal data is to be careful where and how they disclose them. The fact that a form appears on the screen does not mean you have to fill it in or you must give your data to anyone,” Manolea advises.

Still on the side of caution, Porcescu recommends users constantly update the applications and OS on their devices and avoid installing applications from unsafe sources. They should keep their data in safe locations, encrypt them and avoid posting them in public places or on platforms where they can be viewed, accessed and copied by unauthorized parties. Furthermore, data should be transmitted via safe and encrypted communication channels.

“It is also very important to have a security solution installed, which includes technologies that are up to date with the evolution of the malware ecosystem. Last but not least, avoid connecting to the internet via unsecure public connections and points of access,” warns Porcescu.

[/restrict]

DMCA

PROTECTED