دانلود رایگان مقاله انگلیسی حفاظت از داده ها و حفظ حریم خصوصی - موارد سیستم های حسگر امنیت اطلاعات - الزویر 2018

abstract

This article analyses government deployment of information security sensor systems from primarily a European human rights perspective. Sensor systems are designed to detect attacks against information networks by analysing network traffic and comparing this traffic to known attack-vectors, suspicious traffic profiles or content, while also recording attacks and providing information for the prevention of future attacks. The article examines how these sensor systems may be one way of ensuring the necessary protection of personal data stored in government IT-systems, helping governments fulfil positive obligations with regards to data protection under the European Convention on Human Rights (ECHR), the EU Charter of Fundamental Rights (The Charter), as well as data protection and IT-security requirements established in EU-secondary law.It concludes thatthe implementation of sensor systems illustrates the need to balance data protection against the negative privacy obligations of the state under the ECHR and the Charter and the accompanying need to ensure that surveillance of communications and associated metadata reach established principles of legality and proportionality. The article highlights the difficulty in balancing these positive and negative obligations, makes recommendations on the scope of such sensor systems and the legal safeguards surrounding them to ensure compliance with European human rights law and concludes that there is a risk of privatised policymaking in this field barring further guidance in EU-secondary law or case law.

5. Conclusions

5.1. Complementary or conflicting rights?

The relationship between privacy and data protection is in many ways symbiotic. Protecting privacy implies the collection of less data, which is in line with data minimisation principles. Conversely, ensuring sufficient data protection protects privacy, as information about the individual is not subject to unauthorised disclosure. Interestingly, sensor systems illustrate a potential for conflict between two competing rights, resulting from the development of data protection as a right separate from privacy in a broader sense. Sensor systems do of course protect additional values beyond data protection, such as the security of public information systems and the integrity of government information resources. However, as this article illustrates, there is a growing momentum of positive data protection obligations acting as a potential driver for the deployment of such systems. In doing so, privacy and data protection may become values that largely need to be balanced against each other.

This further implies a tension within EU-law itself, as the CJEU has proven a watchful guardian of privacy in the face of wide-scale legislative encroachments from the EU through, inter alia, the DRD and the Safe Harbor agreement. Meanwhile, EU policy makers continues to push for improved network security through the NIS-directive, which may call for measures such as sensor system to be deployed as industry standards are developed, while simultaneously the entry into force of the GDPR implies an increased need to demonstrate sufficient technical and organisational measures to ensure protection of sensitive data.