Encryption is the process of scrambling or enciphering data so it can be read-only by someone with the means to return it to its original state.
It is what makes data secure. It is commonly used to protect both data stored on computer systems (data-at-rest), and data transmitted via computer networks, including the Internet.
Additionally, end-to-end encryption, where only the sender and intended recipient can read the message, is the most secure form of encryption that you can use.
It is always important to use end-to-end encryption to protect yourself and your data.
Moreover, encryption is recognised as necessary for the digital economy and for the protection of fundamental rights, such as privacy and free speech. In other words, its function is to protect privacy and personal data.
Encryption is a key building block of Internet trust. It is important to check that user data is not being exposed and that the organisation’s data is not being tampered with by a wrong party.
One needs to be sure of who they are communicating with for example through signing digital documents to ensure that the recipient is authentic and that certainly the message is coming from the right sender.
While law enforcement requires the means to fight crime on the internet, any new measure would have to first pass the test for necessity and proportionality, based on substantiated evidence.
While encryption makes bulk data collection and mass surveillance difficult, it is not a limiting factor in more targeted and specific measures.
Following the full application of the European Union’s General Data Protection Regulation (GDPR) since 2018, encryption gained legal recognition as a means to protect the fundamental rights of individuals in the context of processing personal data.
The GDPR mentions encryption explicitly in several provisions (Articles 6 (lawfulness of processing), 32 (security), 34 (personal data breach notification)), as a powerful measure to reduce the risks for individuals whose data are processed, an essential outcome in the GDPR’s risk-based approach.
In effect, the GDPR is saying that your security controls must account for the risk of accidental, unlawful, or unauthorized disclosure or loss of personal data.
That is a very broad category of potential violations of the protection of an individual’s data.
So, why data protection needs encryption? Encryption is regarded as the best way to protect data during transfer and one way to secure stored personal data.
It also reduces the risk of abuse within a company, as access is limited only to authorised people with the right key.
If the sensitive data, for example, of a data subject, is lost and not encrypted, it will be difficult to argue that the information is inaccessible.
The loss of unencrypted data will certainly require notification to the supervisory authority and the data subject.
An encryption strategy is only as good as your ability to protect your encryption keys.
Furthermore, if someone is not properly protecting the encryption key used for encryption, it must be assumed that the encryption can be reversed. It’s quite advisable not to use weak encryption keys such as passwords if you like. Instead, use a professional key management solution to protect the keys.
Relevance of encryption of personal information collected for COVID-19
Today, many countries around the world have taken measures to deal with personal information leakage as some individuals’ information has been improperly acquired.
And personal information that has been collected for preventive purposes should have encryption to decrease the risk of information leakage.
With digital security threats on the rise as the world grapples with COVID-19, encryption is more important than ever.
It helps secure our work from home, protects the integrity of critical public health information, and keeps our communications with friends and family confidential.
According to technology experts, the global webinar series featuring world-leading security is very important. So encryption is a critical tool helping people and countries navigate a global health crisis.
You could learn about dangerous proposals that threaten our digital security, and how we can encourage governments and the private sector to pursue policies that enhance, strengthen and promote the use of strong encryption practices to protect citizens everywhere.
With the efforts to curb a global health crisis increasingly pushing our lives online, indeed encryption is more important than ever.
In fact, the growing adoption of biometric encryption will have a positive impact on the market and contribute to its growth significantly over the forecast period.
The key challenge today is how to strike a balance between encryption and the ability for law enforcement to access encrypted data for security reasons.
For example, in the EU, they have traditionally been in favour of encryption practices, but some member states have recently created or proposed policies or laws that undermine encryption through exceptional access for law enforcement and national security purposes.
On this controversial note, there’s a camp of policymakers and law enforcement officials who are supportive of a backdoor in encryption for security and criminal investigation purposes while another camp is against bypassing privacy-enabled features as it may allow forever the access to a person’s private life. Until now this debate remains a topical issue.
The writer is a law expert.