It's a hard time, as ever, for the hardworking EU Internet lawyer to keep on top of developments. With the proposal for reform of the DPD due for the end of 2010 (which I have been very pleased to play a small part in lately as an international expert on the Impact report) and the moves towards ACTA have been hogging the headlines, less attention has been paid to the EU's new Digital Agenda programme: but on a quick look it is chock full of goodies. Pangloss's interest fell particularly on the Trust and Security section which promises:
- in 2010 measures aiming at a reinforced and high level Network and Information Security Policy, including legislative initiatives such as a modernised European Network and Information Security Agency (ENISA), and measures allowing faster reactions in the event of cyber attacks, including a CERT for the EU institutions;
- measures, including legislative initiatives, to combat cyberattacks against information systems by 2010, and related rules on jurisdiction in cyberspace at European and international levels by 2013;
- Establish a European cybercrime platform by 2012;
- Examine the feasibility by 2011 to create a European cybercrime centre;
- Work with global stakeholders notably to strengthen global risk management in the digital and in the physical sphere and conduct internationally coordinated targeted actions against computer-based crime and securityattacks;
- Support EU-wide cyber-security preparedness exercises,from 2010;
- As part of the modernisation of the EU personal data protection regulatory framework to make it more coherent and legally certain, explore the extension of security breach notification provisions;
- Give guidance by 2011 for the implementation of new Telecoms Framework with regard to the protection of individuals' privacy and personal data;
- Support reporting points for illegal content online (hotlines) and awareness campaigns on online safety for children run at national level and enhance pan-European cooperation and sharing of best practice in this field;
- Foster multi-stakeholder dialogue and self-regulation of European and global service providers (e.g. social networking platforms, mobile communications providers), especially as regards use of their services by minors.
The right to privacy and to the protection of personal data are fundamental rights in the EU which must be – also online - effectively enforced using the widest range of means: from the wide application of the principle of "Privacy by Design" in the relevant ICT technologies, to dissuasive sanctions wherever necessary.It is good to see privacy given the same attention as security in a document of thus kind, and it's something I'll be reporting to the the CCDCOE Conference on Cyber Conflict in Tallinn next week when I speak of what law can and can't (or shouldn't) do in the fight against cyber attacks in Europe.
If you want to have your say in the Digital Agenda programme by the way, go here: the form appears to be open to all.