Cybersecurity strategy and directive published

An open, safe and secure cyberspace is the cornerstone of a new cybersecurity strategy published by the European Commission today.

The strategy, accompanied by a proposal for a new cybersecurity directive aimed at maintaining high levels of cyber security across Europe, intends to protect information and communications technology - the backbone of Europe's economic growth and a critical resource upon which all economic sectors rely. Anything to do with cybersecurity law always raises concerns about cost, online privacy and putting enough checks and balances in place to ensure a proportionate and fair regime.

New cybersecurity reporting rules

The cybersecurity proposals have already come under fire from business leaders. They have warned of the financial and management consequences of the mandatory requirements to report all data breaches or cyber security incidents to national authorities. European digital rights group EDRi has also said that the move would give national authorities access to "sufficient information from almost everyone online" in breach of the European Convention on Human Rights.

Trust and confidence

Online technologies now underpin many complex systems which keep our economies running, such as finance, health, energy and transport, while many business models are built on the uninterrupted availability of the Internet and the smooth functioning of information systems.

But a recent Eurobarometer survey showed that almost a third of Europeans are not confident in their ability to use the Internet for banking or purchases. An overwhelming majority also said they avoid disclosing personal information online because of security concerns.

Across the EU, more than one in ten Internet users has now been a victim of online fraud.

Under the new cybersecurity proposals, so-called "enablers of information society services", which would include companies such as PayPal, Google, Amazon, eBay and Skype, would have to notify authorities of data-privacy breaches or "incidents with a significant impact" on services, such as natural disasters, extreme weather and cases of human error, as well as cyber attacks.

"There must be consequences if this is not done," said a Commission official, "but it is up to the member states what sort of sanctions they want to implement".

"Complete hotch-potch"

But critics remain concerned that the strategy has not been thought through properly. Sophie in 't Veld, a Dutch Member of the European Parliament, commented:

"It is incoherent, lacking in focus and a complete hotch-potch."

"It looks like almost every Directorate General (department) in the Commission wanted to write its own bit of the strategy. It bothers me that all these different policy areas are being lumped together in one document. It covers so much, from internet fraud and illegal downloading, to child pornography and international security," she said.

"The lines are being blurred and we need to safeguard the fundamental rights we expect in a democracy and not cede disproportionate powers to law enforcement," said in 't Veld.
