By Leonardo Sforza, Managing Director, Brussels, MSLGROUP EMEA
Last month, the European police broke up a cybercrime ring that had affected millions of computers with “ransomware“. The damage was in millions of Euros and the affected were spread across 30 nations. In another case, $70 million in assets were stolen from European and American bank customers by a sophisticated botnet called Zeus, according to FastCompany.
These are just some of the multitude of crimes that are part of the evolving threat of cybercrime in Europe today. And according to the Norton 2012 study, 1 in 5 online adults (21 percent) has been a victim of either social or mobile cybercrime across the world. Data protection legislation can be instrumental to preventing cybercrime as it obliges data controllers to analyse risks and take appropriate security measures.
A recent study carried out on behalf of the European Parliament on fighting cyber crime and protecting privacy in the cloud shows the challenges raised by the growing reliance on cloud computing and the inadequacy of the current regulatory framework. The European Commission is understandably anxious about preparing a more robust security framework to tackle cyber crime and ensuring data protection of citizens.
Here we look at some of the recent legislative proposals put forward by the EU executive agency on online security, privacy and copyright laws in Europe. We hope that this will inspire you and your organisation to better address forthcoming legislative changes that will have an impact well beyond the European region.
“Warfare has changed. In today’s threat environment, muscles are needed much less, you only need a PC and broadband.”~Head of the European cybercrime centre Troels Oerting.
The European Commission and the High Representative of the Union for Foreign Affairs and Security Policy, jointly presented on 7 February a cybersecurity strategy, along with a Commission proposal for a Directive on network and information security. The European Union also recently set up a new Cyber Crime wing in the Hague that will work closely with the Council of Europe.
The strategy revolves around five priorities: achieving cyber resilience, reducing cybercrime, developing cyber defense policy and capabilities, developing the industrial and technological resources for cyber security and establishing a coherent international cyberspace policy promoting EU values.
The aim of the proposed Directive is to improve the security of the Internet and the private networks of particular relevance for the functioning of EU economy and societies.
New Challenges and Opportunities Ahead
Operators of critical infrastructures, such as energy, transport and key providers of information society services (e-commerce platforms, social networks…) will need to revise their strategies. Public administrations will need to adopt appropriate steps to manage security risks. All serious incidents will have to be reported to the national competent authorities. If you need help to gain insight on how EU policy makers are addressing these changes, connect with us – www.mslgroup.com
Overreaching reshuffling of EU Data Protection legislation
The review of EU data protection legislation is making progress on the table of the EU Co-legislators, namely the European Parliament and the Council of Ministers, while the debate around the effectiveness and adequacy of proposed legislation is heating up. The need to obtain the data holder’s “explicit consent” before processing personal data, a true single EU data protection regime to cut costly administrative burdens, the disclosure and use of private-sector data for law enforcement purposes, the internet user’s “right to be forgotten” and the transfer of personal data to third countries were among the main issues raised in the discussion at the Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament, that largely backed the changes proposed by the European Commission a year earlier but added 350 new amendments. One of the most controversial changes introduced regard the “explicit consent” requirements and its far reaching consequences.
For example, the processing of sensitive data for statistical and scientific research purposes would not be considered any more as a lawful exception to stringent rules applicable to other types of data with the risk to compromise healthcare research, notably for rare diseases in Europe as claimed by the European patient association Eurordis.
Other definitions being modified are the controversial “right to be forgotten” clause and conditions for transfer of data abroad.
Google was recently taken to court for violating the users’ “Right to be Forgotten”, which is included in the proposed regulation for data protection but not yet adopted. Now, we hear of a similar case being brought up in the UK.
To understand the subject in-depth, read this report “The Right to be forgotten: between expectations and practice.”
Members of Parliament will now have until end of April to adopt their final decision. From May onwards, the Commission, the Parliament and the Council will engage trialogue negotiations with the view to find a compromise on the final text of the legislative package under review. The Irish Presidency of the EU has made data protection a priority and intends to achieve a political agreement on the data protection package by the end of its mandate in June.
3 EU Commissioners Set New ‘Vision’ For Copyright
In December, the Commission urged the industry to deliver innovative solutions for greater access to online content. On 29 January, commissioners Michel Barnier (Internal Market and Services), Neelie Kroes (Digital Agenda) and Androulla Vassiliou (Education, Culture, Multilingualism and Youth), discussed a new vision for copyright rules.
According to them, the future would have a single market in online music, with reformed copyright rules allowing easy, affordable, legal and Europe-wide access to millions of tracks.
The proposed EU law covers the governance and cross-border operation of collecting societies, which collect fees for the use of copyrighted music, on behalf of authors and artists. Along with this new ‘vision’, the 3 Commissioners called for stakeholders to get round the table under the Commission’s “Licenses for Europe” initiative launched in December 2012 and agree solutions to copyright and licensing issues. This structured stakeholder dialogue seeks to deliver rapid progress in four areas through practical industry-led solutions.
Innovative solutions will be needed for:
- crossborder access and the portability of services;
- user-generated content and licensing for small scale users of protected material;
- facilitating the deposit and online accessibility of films in the EU;
- and promoting efficient text and data mining for scientific research purposes.
End This “Natural Digital Law”
Moreover, the Commission has also launched a public consultation on how to better prevent breaches of copyright – in particular those being committed “on a large commercial scale”. Mr Barnier called for an end to the idea there is some kind of “natural digital law” that justifies limitless sharing of copyrighted material.
Leonardo has 25 years of Brussels-based experience in addressing European Union policy issues and corporate strategies. If you require assistance with policy intelligence and strategy, advocacy, communication and stakeholders outreach campaigns, connect with him @JKL_Group. Read more of his posts on Critical Conversations.