EC plans stronger data protection and copyright laws

Digital Agenda pushes standards

Seven Steps to Software Security

Updated The European Commission will strengthen legal protections for personal data, reform copyright law and ensure that device and software makers embrace standards, it said when outlining its new digital policies.

The Commission will also consider forcing companies to tell users and customers when their systems have been breached and personal data has been lost, stolen or exposed.

The Commission has published its Digital Agenda, the series of aims which will guide its legislating and policy formation activities in the next 10 years.

"We must put the interests of Europe's citizens and businesses at the forefront of the digital revolution and so maximise the potential of Information and Communications Technologies (ICTs) to advance job creation, sustainability and social inclusion", said Commission vice president for the digital agenda Neelie Kroes. "The ambitious strategy set out today shows clearly where we need to focus our efforts in the years to come. To fully realise the potential of Europe's digital future we need the full commitment of Member States, the ICT sector and other vital economic players."

The Commission's priorities include changing copyright law to make cross-border trade in digital goods and services more widespread, it said.

"Citizens should be able to enjoy commercial services and cultural entertainment across borders. But EU online markets are still separated by barriers which hamper access to pan-European telecoms services, digital services and content," said a Commission statement on the Agenda. "Today there are four times as many music downloads in the US as in the EU because of the lack of legal offers and fragmented markets. The Commission intends to open up access to legal online content by simplifying copyright clearance, management and cross-border licensing. Other actions include making electronic payments and invoicing easier and simplifying online dispute resolution."

The Commission's plan also includes a proposal to strengthen data protection law to cultivate trust in online services.

"Europeans will not embrace technology they do not trust – they need to feel confident and safe online," said the Commission statement. "A better coordinated European response to cyber-attacks and reinforced rules on personal data protection are part of the solution. Actions could also potentially oblige website operators to inform their users about security breaches affecting their personal data."

The proposals include plans to investigate whether more companies should be subject to a security breach notification law. New telecoms legislation passed in the EU last year ordered telecoms providers to tell customers if the security of their personal data had been compromised. The Commission could extend this to other kinds of companies.

"As part of the modernisation of the EU personal data protection regulatory framework to make it more coherent and legally certain, [we will] explore the extension of security breach notification provisions," said the Digital Agenda.

The Agenda identifies seven areas for action. These are: creating a digital Single Market, greater interoperability, boosting internet trust and security, much faster internet access, more investment in research and development, enhancing digital literacy skills and inclusion, and applying information and communications technologies to address challenges facing society like climate change and the ageing population.

The Digital Agenda itself is made up of 100 actions that the Commission will take, 31 of which involve changing EU law, the Commission said.

It said it will "improve" standard-setting so that technologies are more likely to work together. Standards are set by industry on a voluntary basis to help devices work together and to lower manufacturing and design costs by the use of standardised components or technologies.

Open standards lobbying body the Free Software Foundation said, though, that the Commission's planned action on standardisation was inadequate.

"The [Commission] needs to adopt a strict definition of open standards, along the lines of the first European Interoperability Framework," said Karsten Gerloff, president of the Free Software Foundation Europe. "The Commission needs to put open standards at the heart of its strategy for the public sector's IT systems. Only with the competition that open standards enable will we tap the full potential of free software for European innovation."

The Agenda commits the Commission to an increase in funding for research in information and communication technologies. It said it wanted a far greater penetration of superfast broadband internet networks, but did not pledge money to build the networks, only saying that it would "explore how to attract investment in broadband through credit enhancement mechanisms and will give guidance on how to encourage investments in fibre-based networks".

"The digital world affects us all – there is no choice about that," said Kroes. "But we can take the decision to use these changes to boost European growth, jobs and the well-being of our citizens. That is the decision the Commission is taking today, and we call on all those with a stake in this digital future for Europe to join us in moving forward."

Editor's note, 21/05/2010: Our original article suggested that Karsten Gerloff was part of the Free Software Foundation (FSF). He isn't: he's with the Free Software Foundation Europe, which is an independent sister organisation of the FSF in the US.

Also, our original intro said that the European Commission would ensure that device and software makers embrace open standards. That was inaccurate. After our story was published, Karsten pointed out:

During the negotiations within the EC about the Digital Agenda, Open Standards were at the center of a heated battle between different Directorates General and interest groups. In the published result, you will note that the agenda does not contain the term 'open standard' -- it only talks about 'standards'". This is one of several aspects where the published communication falls behind earlier drafts seen by FSFE, and sadly matches the way in which the European Interoperability Framework is being watered down by the Commission, to the dismay of a number of Member States (see a comparison of various draft EIF revisions).

Consequently, we've changed the reference in our intro to 'standards' instead of 'open standards'.

We apologise for the inaccuracies in our original report.

See: The Digital Agenda (42pg/316kb pdf)

Copyright © 2010, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.