Papers and Statements


Critical technological dependency requires a revised privacy policy of major service providers, 2016

CEPIS strongly defends the principle that new ICT technologies should guarantee the privacy of its potential users prior to their introduction.

Critical technological dependency requires a revised privacy policy of major service providers


Code of Best Practices for Green ICT, 2015

CEPIS is committed to mobilising the ICT community through its member informatics societies to promote Green ICT and the use of ICT to help organisations and individuals work in more sustainable and energy efficient ways that reduce impacts on the environment. CEPIS and national European informatics societies are now, as part of this on-going commitment, proposing a Code of Best Practices for Green ICT. The Code seeks to raise awareness and adoption of easy-to-implement and cost-saving best practices amongst all European enterprises.

Code of Best Practices for Green ICT


Position on the Electronic identification and trust services (eIDAS), 2015

The next generation of eIDs could bring strong and efficient data protection to European citizens. In the electronic identification and trust services environment for electronic transactions, the realization of identification and authentication using an eID should prevent tracking of users.

Position on the Electronic identification and trust services (eIDAS)


Statement on Supporting High-level Decision Making on Cyber Security and Privacy Protection with Reliable Data, 2014

There is no doubt that both privacy protection and cyber security (i.e. addressing the problem of security of cyberspace on a national or international level) have achieved some recognition from governments and international bodies. Subsequently, the need for various high-level decisions highlights the importance of proper fundamentals for such decision making.

Statement on Supporting High-level Decision Making on Cyber Security and Privacy Protection with Reliable Data


Computing in Schools - A Call for Action from Informatics Societies, 2014

As ICT increasingly pervades society and the economy, the demand for IT personnel is growing fast, outpacing the current supply of qualified professionals and producing chronic shortages in the computing industry. The low numbers of students choosing computing as a career is exacerbating the situation. This paper argues that children’s digital education should be reformed to better integrate Computer Science in the school curricula. The paper describes the issues arising from the lack of computing in schools, and it outlines practical steps to develop Computer Science in the classroom.

Computing in Schools - A Call for Action from Informatics Societies


Assisting EU Citizens with Reliable ICT Security Information, 2013

European citizens are used to sharing their information on the web, be it personal or professional, on a daily basis. However they are often unaware of the security risks that come with sharing data online. This is particularly problematic given the rise of ICT security breaches and large-scale data collection, as reported in the media. In this context, this CEPIS LSI SIN statement calls on policy-makers – at the European and national level - to take action to ensure that all citizens have access to trustworthy information regarding ICT threats. The paper outlines 8 key recommendations to help equip citizens with reliable ICT information.

Statement: Assisting EU Citizens with Reliable ICT Security Information


CEPIS Statement on the Future EU Data Protection Regulation, 2013

In this statement CEPIS expresses its support to the Data Protection in Europe statement and it highlights a series of issues to take into a consideration with regard to the draft EU General Protection Regulation proposed by the European Commission  to replace the current Data Protection Directive adopted in 1995. For instance, pseudonymisation, anonymisation and encryption should not be misunderstood as a replacement for data protection by regulation or as reason to lower the level of data protection regulation Europe.

Read the CEPIS Statement on the draft EU General Data Protection


CEPIS Women in ICT Position Statement, 2013

The CEPIS Women in ICT Task Force has identified five priorities to get more young girls and women into ICT and to help close the digital jobs gap. The declining supply of ICT graduates coupled with the growing demand of digital jobs is a serious threat for the ICT profession, the sector and Europe’s employment and growth potential. The priorities identified by the Task Force include the creation of a European Girls in ICT Day, the promotion of strong female ICT role models to inspire young girls, and a greater integration of ICT in the classroom and in the curriculum.

Read the Position Statement 'Building the Gender Balance in the ICT Profession'


Cloud Computing Security and Privacy Statement, 2011

This statement explores the security and privacy implications associated with Cloud Computing. It examines areas such as the loss of control over data and dependence on the Cloud Computing provider and outlines the related issues. CEPIS provides 15 recommendations on measures that should be taken to deal with the risks and privacy invasion factors of Cloud Computing.

Statement: Cloud Computing Security and Privacy Issues

This statement has also been translated into Greek by the CEPIS Member Society, Hellenic Professionals Informatics Society (HePIS), and translated into Spanish by Asociación de Técnicos de Informática (ATI).

Download the Statement in Greek

Download the Statement in Spanish

This statement was originally provided by CEPIS LSI SIN. Please send your comments to Marko Hölbl


Letter of support on data protection in the framework of police and judicial cooperation in criminal matters to the European Data Protection Supervisor Peter Hustinx, 2009

With full credit to the outstanding work of the European Data Protection Supervisor, CEPIS would like to support the encouragement of the EDPS for the EU institutions to take part in the reflections on further improvements of the framework for data protection in law enforcement. CEPIS supports the concerns expressed with regard to the general data protection framework for police and judicial cooperation and urges the Council of the European Union to take further steps to increase the level of protection provided by the new legal instrument.

Click here to read the full letter

The statement was originally provided by CEPIS LSI SIN


Privacy-Consistent Banking Acquisition Statement, 2009

This statement outlines the practice that has developed within some banks in Europe to acquire more information than necessary about their clients. This practice presents a serious threat to the protection of the privacy of European citizens, in particular with respect to the principle of proportionality of data. The statement includes recommendations to address this situation and brings both the acquisition and access to data in line with European privacy regulations.

Statement: Privacy-Consistent Banking Acquisition Statement

The statement was originally provided by CEPIS LSI SIN. Please send your comments to Joop Verbeek


Social Networks - Problems of Security and Data Privacy Statement, 2008

This paper, together with its associated background paper, explores the Security and Privacy issues with Social Networking sites from both a business and personal perspective. At a time when the use or misuse of personal data is said to be of great concern to the citizen, this same citizen may voluntarily place his information on social network sites and see no contradiction. The extent to which this information may be mined for other purposes is unclear. In a corporate environment the use of social software as a part of the business process brings security issues that require a new security model. Some recommendations are made for the way forward.

Social Networks – Problems of Security and Data Privacy Statement

Social Networks – Problems of Security and Data Privacy: Background Paper

The paper was originally provided by CEPIS LSI SIN. Please send your comments to Les Fraser


Position Paper on Universities, 2008

This paper discusses the challenges that Universities offering informatics degrees face in today’s rapidly changing world. The paper focuses on the collaboration between universities and the industry contending that it can be mutually beneficial and help Europe to create a dynamic and competitive knowledge economy. Furthermore, the paper examines the role that the EU and other stakeholders can take in facilitating university-industry relations. CEPIS, being the representative of the ICT professionals in Europe, can work with the Universities, Industry and the European Commission to ensure that education institutions can satisfy the needs of the knowledge base economy.

Position Paper on Universities - October 2008


Position paper on data retention, 2008

The statement on data retention, endorsed by the CEPIS Legal and Security Informatics SIN, discusses new issues that have arisen since the adoption of the data retention Directive. The major concerns include the period of time for which data can be retained, the security of stored data, mutual cooperation between service providers and the authorities and the reimbursement of costs. Moreover, the paper makes recommendations on the definitions of “serious crime”, retained data, the problem of communicating content information, a shorter retention period, secure storage and transfer of data and reimbursement of costs.

Position paper on data retention

The statement was originally provided by CEPIS LSI SIN. Please send your comments to Eleni Kosta


Authentication approaches for on-line banking, 2007

The statement, endorsed by CEPIS, discusses authentication and security issues of on-line banking. The popularity and wide use of on-line banking can lead to abuses, activities by malicious and criminal users and a rise in organised criminal attempts (e.g. phishing). The statement surveys contemporary authentication approaches used by European banks and points out that complex and error prone security measures do not provide any security improvement, but rather discourage or prevent users easily entering the electronic market place. The recommendations are targeted at different partiesm, i.e. banks and other financial institutions and organizations, governments and regulators, professionals and customers. For each group specific recommendations are suggested.

CEPIS Position on Authentication Approaches for Online Banking

CEPIS Position on Authentication Approaches for Online Banking: Background Paper

The statement was originally provided by CEPIS LSI SIN. Please send your comments to Marko Hölbl


Data Retention has Serious Consequences, 2004

The original data retention statement from 2004 discusses protection of privacy of citizens, major problems in the technical and financial realization of data retention of such a vast scope. The recommendations include the reduction of the retention time and the amount of the retained data. Additionally, the costs for the necessary data retention facilities should be put into public hands by law.

Data retention has serious consequences


E-commerce, 1999

In the statement, published in 1999, e-commerce is considered as a desirable development given appropriate governmental and societal regulation and discipline. Specifically, the development of appropriate standards and generally accepted codes of good practice and codes of conduct are recommended. Associated with these should be the institution of competent complaint boards and other forms of assistance.

CEPIS Position Statement: Electronic Commerce


Crypto Statement, 1996

The statement on the control of encryption was issued in 1996. It discusses whether the import, export and production of cryptographic tools, as well as their use, should be restricted. Recommendations were proposed regarding the unrestricted use of cryptography for certain purposes, the ability of all individuals and organisations in the private and public sectors to use cryptography, not reducing the opportunities for individuals or organizations in the private and public sectors, and on an agreement of governments on a policy relating to their access to computerized data.

Policy Statement: Governmental Restrictions on Encryption Products Put Security at Risk