News about data leaks and hacking attacks have increased. By now, it is clear: users should protect their personal data. So, how can good self-data protection be implemented in everyday life? In addition, where do users reach the limits of what is possible for them?
In its white paper ‘Selbstdatenschutz’, the research association ‘Forum Privatheit’ answers, among others, the following questions: In what legal framework does self-data protection operate? What do the internet users think about the protection of their communication via electronic media, and which concrete measures are the taking? And finally: Which technical considerations have to be taken into account to enable effective self-data protection?
The right to informational self-determination, anchored in the ‘Grundgesetz’, is intended to enable everyone to protect himself or herself against invasions of privacy whether they originate from companies, governments or other individuals.
Simultaneously, this right to informational self-determination obliges the government to take suitable measures to enable and enhance its citizen’s self-data-protection.
Currently, the interest in personal data protection is rising, primarily due to the media reports about intrusions into privacy resulting from the practices of large social media companies. Nonetheless, only a few users apply the necessary measures to protect their data. One reason of the reasons is a lack of skills on the side of the users. Another reason, according the research, is that many users are willing to disclose their own data if there is a "reward" - such as a possible prize that can only be won if they disclose their private data. Additionally, many users are more interested in their convenience than their privacy and self-data protection, as the rapid increase in virtual assistants in private households shows.
The possibilities as well as the limits of privacy protection techniques are examined in the white paper ‘Selbstdatenschutz’ on the basis of case studies in the areas of: email encryption, instant messaging and anonymization.
Especially mobile devices, heterogeneous communication networks and service-providers servers are in danger to be attacked.
To enable an effective data protection, users should take measures in these three areas: their personal mobile devices, communication networks and the service provider’s servers. Only combined, will these measures guarantee an effective protection.
Especially mobile devices, heterogeneous communication networks and service-providers servers are vulnerable to attacks.
To ensure an effective data protection, users should take measures in all of these three areas: on the user’s mobile device, in the communication networks and the service provider’s servers. Only combined, can these measures provide effective protection, but that requires extensive technical knowledge. As a result, many people find themselves unable to implement these measures.
It is therefore important not to attribute complete responsibility for a good self-data protection to the users. Instead, the state’s duty of protection should be increasingly brought into the focus of the socio-political debate, because the requirements of effective self-data protection – in part due to the current structures of the data economy - are far too complex for the users to handle on their own.
The White Paper on this topic published by Forum Privatheit is available for download as a pdf file:
Murat Karaboga / Philipp Masur / Tobias Matzner / Cornelia Mothes / Maxi Nebel / Carsten Ochs / Philip Schütz / Hervais Simo Fhom
2. Auflage, November 2014