Both political as well as social-ethical reasons calls for a joint and coordinated initiative with an independent, coherent and holistic scientific and academic approach on an active, diligent, and systematic process of inquiry aimed at discovering, interpreting, and revising facts about privacy put into an European context. A permanent European Institute gives structure to Europe’s present fragmented research and education and would be in a position to create a vibrant environment and awareness being the motive power in developing Centres of Excellence to support both EU member states as industry. The scope and complexity of privacy in connection with ICT require close collaboration across many disciplines and skills. It seems obvious that the Institute would be organized around a set of research themes that will address major opportunities and challenges that are too complex for individuals or even small groups of researchers to tackle on their own.

To launch the European Privacy Institute has to be seen as a direct follow up of the EU Workshop on “ICT for Trust and Confidence”, held in Brussels on 24th January 2006 as a suitable instrument for more research in accordance with the overall conclusions and recommendations of the expert panel as follows:   There is a strong requirement for an anonymous, secure, network infrastructure. It is a key component upon which many different applications can be built. It is not clear if there should be one publicly supported infrastructure or several ones that eventually compete in the marketplace. It is likely that several would be developed, possibly with different features. Provided they are well specified and designed, interoperability should not be a problem; gateways will be able to bridge different networks.   Applications handling identity management in the public sector are needed. For some, the real identity needs to be known e.g. if applying for social security benefits, but in other cases, it may be a question of knowing if the person is entitled to something e.g. in drawing social security benefits.  Research is needed into the security aspects of databases – current designs are untrustworthy and quickly get polluted and compromised. These create challenges for applications – the tradeoffs between privacy, identity and the societal requirements that these privileges do not apply if used for antisocial purposes. There is a need for the lawyers, human rights champions, sociologists, psychologists, ethicists and technologists to engage in debate and conduct research and trials (not surveys) to get the balances between these right for society in the digital age and compatible with the EU Constitution.  The development of reputation based systems can complement identity based systems. Combination with the “virtual identities” can lead to some interesting and new applications. SLAs (Service Level Agreements) need to be evolved to take into account security and privacy. Just as IP traffic has developed QoS (Quality of Service) we need to develop additional control parameters, such as SoS (Security of Service), RoS (Reliability of Service) etc. Benchmarking and certification need to be developed that can give useful comparisons of security and trust approaches and implementations. Applications are needed that can demonstrate strong security through combinations of weak mechanisms, and that these will scale to large, partially open, and mobile environments.

In the Annual Policy Strategy for 2008 privacy is one of the EU Commission’s proposals for key initiatives to be taken forward in 2008 as the EU Commission will target the protection of critical communication and information infrastructures and address challenges related to privacy and security of new communication networks. The Privacy Institute Initiative is right on time to address these issues.