Tag: Digital Single Market

European Commission releases proposal to complete data protection framework

13. January 2017

On January 10th 2017 the European Commission released a Proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications.

The presented proposal pursues the implementation of the EU’s Digital Single Market strategy. The Digital Single Market strategy aims to increase trust in and the security of digital services. With the upcoming General Data Protection Regulation further legislative measures have to be implemented in order to build a coherent regulatory framework.

The proposed Regulation will repeal the Directive 2002/58/EC Regulation on Privacy and Electronic Communications, also known as the “E-Privacy Directive”, which insufficiently regards current technological developments. Especially so-called Over the Top communication services, such as the messenger services WhatsApp, Skype or Facebook Messenger, are not regulated by the E-Privacy Directive and lack sufficient privacy for its users. According to the proposed Regulation, the content of messages as well as metadata will have to remain confidential and / or anonymized unless the user consented otherwise.

In addition, the new rules set out a strategic approach relating to international data transfer. By engaging in so-called “adequacy decisions” the transfer of personal data will be simplified while a high level of privacy remains.

The proposed Regulation further contains rules to ensure that personal data, which is processed by EU institutions and bodies, is handled according to the measures of the General Data Protection Regulation.

Finally, since the nature of the Proposal is a regulation instead of a directive, it should have a stronger impact for both consumers and businesses.

Ideally the legislative process will be finalized by May 25th 2018, when the General Data Protection Regulation will enter into force.

Category: EU · EU Commission · European Data Protection · General Data Protection Regulation · International Data Transfers
Tags: ,

NIS Directive has been adopted by the EU Commission

12. July 2016

On the 6th July 2016, the Vice-President of the EU Commission, Andrus Ansip, and Commissioner Günther H. Oettinger announced the approval of the NIS Directive, this is the Directive on Security of Network and Information Systems.

NIS Directive is one of the main legislative proposals in the context of the Cybersecurity Strategy developed by the EU and focuses on the following aspects:

  • The development of a national system to face cybersecurity attacks such as a Computer Security Incident Response (CSIRT) and a competent authority in cybersecurity issues.
  • A strategic cooperation mechanism between Member States and a development of a CSIRT Network in order to share information about risks.
  • To promote a culture of IT-security in all industry sectors, especially those identified as being “operators of essential services”. This also means to adopt adequate incident response plans. The Directive will apply also to digital service providers such as cloud computing, search engines and e-commerce businesses.

The Directive will enter into force in August 2016 and EU Member States will have 21 months to implement it into their national laws.

Category: Cyber Security · EU Commission · European Data Protection
Tags: ,

Agreement on cybersecurity signed between the EU Commission and the industry

7. July 2016

On Wednesday, the EU Commission announced the launch of a public-private partnership with the cybersecurity industry as part of its Digital Single Market strategy. This partnership aims at providing the industry with better equipment and infrastructure to reduce cybersecurity threats.

Recent surveys have revealed that around 80% of European companies have suffered at least one cybersecurity incident during 2015. Worldwide, the number of cybersecurity incidents increased up to 38%. Andrus Ansip, Vice-President for the Digital Single Market, stated that “without trust and security, there can be no Digital Single Market”. Therefore several measures haven been proposed in order to tackle the increasingly sophisticated threats.

The initiative focuses on the following aspects:

  • Reinforcement of cooperation across borders and between all sectors of the cybersecurity branch
  • Support the development of innovative and secure products and services
  • Creation of a possible certification framework for information and communications technology security products
  • Ease access to the cybersecurity market for smaller business
  • Assessment of the capabilities and mandate of European Union Agency for Network and Information Security (ENISA) to achieve its mission to support EU Member States in reinforcing cyber-resilience
  • Evaluation of methods to strengthen cybersecurity cooperation, trainings and education

Both, the EU and the cybersecurity industry actors, represented by the European Cybersecurity Organization (ECSO), will invest around €1.8 billion in this initiative. Members from national, regional and local public administration, as well as research centres and academies will also participate.

The main industry sectors to which this partnership is focused are finance, health, energy and transport.

The EU Digital Single Market strategy also includes the 2013 EU Cybersecurity strategy and the Network and Information Security Directive (NIS Directive), which is expected to be approved within the next weeks.

Category: Cyber Security
Tags: ,