Regulations for privacy enhancing security technologies in Europe

What are the principles that security research and security technologies must follow if they are to comply with fundamental rights and European values? The PRISE project, coordinated by the ITA, tried to answer this question in a participatory process involving producers, users, experts and citizens.

The objective of PRISE was to promote a secure future for European citizens based on innovative security technologies and policies that are in line with privacy protection and human rights in general. PRISE developed guidelines for security solutions to meet these requirements. It provided assistance to the European Union in shaping its forthcoming security research programme.

Scenarios were prepared and presented to citizens

First of all, we set up standards for security research and technology development that would benefit privacy. On this basis, we consulted various interest groups including security technology workers, private and public users, institutions and organisations that represented possibly conflicting interests. The background is that accepted and acceptable security technologies are easier to introduce, are used more and encounter less public and user opposition. They also help to make the European security industry more competitive by providing guidelines for security technologies that comply with fundamental rights.

The principal result of PRISE was a set of criteria for improving security technologies. These criteria are intended to be applied in research, development and implementation, by industry, policy makers, and public and private users.

The PRISE guidelines are:

  • There is a baseline of privacy that is inviolable
  • Privacy and security are not a zero-sum game
  • General access for law enforcement authorities to existing databases is not acceptable
  • Preservation of privacy is a shared responsibility
  • Use of PRISE criteria in FP7 project evaluations is an important step
  • Privacy enhancement is an essential non-functional requirement
  • Privacy protection requires continuous further development and reassessment of criteria
01/2006 - 06/2008