Today, we celebrate Global Encryption Day 2023.
The topic is as timely and fundamental as ever, and we continue to consider it of primary importance.
This brief contribution aims to draw everyone’s attention to the importance of encryption as a valuable tool for protecting information.
Users always need to be reminded to protect their personal information, so that their awareness keeps growing.
The use of encryption affects not only adults but also children.
One hears about cybersecurity very often, and increasingly so.
Generally, one should consider security and ask oneself how secure one feels. One could hardly answer that one is secure. Everyone adopts systems to protect themselves, from house door locks and car locks to alarm systems and video cameras. That denotes a generalized awareness of insecurity that induces the use of techniques to protect property and people.
Adopting systems suitable for protection shows a clear perception of the threats, risks, and vulnerabilities to which we are exposed.
The awareness of vulnerability increases the need to take appropriate measures to limit the chances of being the subject of unauthorized invasions into our spheres. The awareness of the existence of vulnerabilities is closely related to the presence of risks one wants to eliminate or at least significantly reduce (I install a security door to reduce the risk of someone gaining easy access).
It is incorrect to state that you “have nothing to hide” as a prerequisite for not bothering to adopt encryption or protect your personal information. Such a statement mainly highlights a need for more awareness of the risks and possible consequences.
The issue of cybersecurity is significant, and people often fail to perceive the fundamental need to provide for it.
Sometimes, one wonders what the regulatory source is, i.e., whether there is a law that imposes an obligation to do so.
There are several regulatory measures at the European level regarding security (see the numerous Acts and the European Digital Strategy).
To these regulations must be added those concerning the protection of personal data.
We refer in particular to Article 32 of the GDPR, which concerns the security of processing and stipulates how it should be implemented.
People often assume that security is a synonym for data protection or that compliance with technical and legal security standards also helps assess compliance with data protection regulations.
In reality, this is not the case.
The context of personal data protection also includes security, but the reverse is not true.
The following inequality expresses the concept:
Security ≠ Privacy
One of the most critical aspects of information security is encryption or scrambling.
More specifically, the EU Regulation 2016/679 (GDPR) in several parts refers to “encryption.”
Recital 83 recalls it as a measure to maintain security and prevent processing in violation of the GDPR itself; encryption, moreover, is referred to in Article 6(4)(e), a fundamental rule on the lawfulness of processing.
Article 32, on security of processing, lists encryption and pseudonymization among the technical and organizational measures.
The subsequent Article 34 (Communication of a personal data breach to the data subject), in the case of a data breach, excludes communication to the data subject if the data controller has put in place technical and organizational protection measures such as encryption.
That said, we reiterate, once again, that the use of encryption is of primary importance.
As is well known, we are particularly sensitive to the issue of digital communication, and on this point, we have already written several contributions on the necessity of encryption, which, for the reader’s convenience, we list below:
- Aware digital communication respecting privacy and the apps or services you choose
- Privacy in email communication: we should use encryption by default
- Privacy Enhancing Technologies (PETs): an evergreen category - part 1
- Privacy Enhancing Technologies (PETs): an evergreen category - part 2
- XMPP: the secure communication protocol that respects privacy
- SimpleX Chat: an app for instant messaging that respects privacy
- Session: a blockchain-based messaging app that protects user privacy
- Nym Mixnet: one of the Privacy Enhancing Technologies (PETs)?
The use of security solutions in the application domain, with the primary goal of ensuring user privacy, is growing.
We consider investment in security and adopting technical measures for applications to be added value.
However, we would like to emphasize, at least here and subject to more detail elsewhere, that moving toward a substantial increase in security is different from adequately resolving the complexity of data protection and privacy issues.
It would be wrong to qualify the aspects of privacy and the protection of individuals concerning the processing of personal data solely in terms of security.
Personal data protection and privacy have legal standards to comply with that cannot be replaced by security solutions.
We believe that users’ choice of applications depends first and foremost on the trust placed in the developers for the completeness and efficiency of the software, as well as the methods used, including transparency (open source) that enables anyone to gain awareness of individual processes.
Let's live better; let's use cryptography!
We wish everyone a happy Global Encryption Day 2023, hoping that it will increasingly raise users' awareness of the topic.
(*) Image from Global Encryption Coalition