Feeds

EC plans stronger data protection and copyright laws

Digital Agenda pushes standards

Combat fraud and increase customer satisfaction

Updated The European Commission will strengthen legal protections for personal data, reform copyright law and ensure that device and software makers embrace standards, it said when outlining its new digital policies.

The Commission will also consider forcing companies to tell users and customers when their systems have been breached and personal data has been lost, stolen or exposed.

The Commission has published its Digital Agenda, the series of aims which will guide its legislating and policy formation activities in the next 10 years.

"We must put the interests of Europe's citizens and businesses at the forefront of the digital revolution and so maximise the potential of Information and Communications Technologies (ICTs) to advance job creation, sustainability and social inclusion", said Commission vice president for the digital agenda Neelie Kroes. "The ambitious strategy set out today shows clearly where we need to focus our efforts in the years to come. To fully realise the potential of Europe's digital future we need the full commitment of Member States, the ICT sector and other vital economic players."

The Commission's priorities include changing copyright law to make cross-border trade in digital goods and services more widespread, it said.

"Citizens should be able to enjoy commercial services and cultural entertainment across borders. But EU online markets are still separated by barriers which hamper access to pan-European telecoms services, digital services and content," said a Commission statement on the Agenda. "Today there are four times as many music downloads in the US as in the EU because of the lack of legal offers and fragmented markets. The Commission intends to open up access to legal online content by simplifying copyright clearance, management and cross-border licensing. Other actions include making electronic payments and invoicing easier and simplifying online dispute resolution."

The Commission's plan also includes a proposal to strengthen data protection law to cultivate trust in online services.

"Europeans will not embrace technology they do not trust – they need to feel confident and safe online," said the Commission statement. "A better coordinated European response to cyber-attacks and reinforced rules on personal data protection are part of the solution. Actions could also potentially oblige website operators to inform their users about security breaches affecting their personal data."

The proposals include plans to investigate whether more companies should be subject to a security breach notification law. New telecoms legislation passed in the EU last year ordered telecoms providers to tell customers if the security of their personal data had been compromised. The Commission could extend this to other kinds of companies.

"As part of the modernisation of the EU personal data protection regulatory framework to make it more coherent and legally certain, [we will] explore the extension of security breach notification provisions," said the Digital Agenda.

The Agenda identifies seven areas for action. These are: creating a digital Single Market, greater interoperability, boosting internet trust and security, much faster internet access, more investment in research and development, enhancing digital literacy skills and inclusion, and applying information and communications technologies to address challenges facing society like climate change and the ageing population.

The Digital Agenda itself is made up of 100 actions that the Commission will take, 31 of which involve changing EU law, the Commission said.

It said it will "improve" standard-setting so that technologies are more likely to work together. Standards are set by industry on a voluntary basis to help devices work together and to lower manufacturing and design costs by the use of standardised components or technologies.

Open standards lobbying body the Free Software Foundation said, though, that the Commission's planned action on standardisation was inadequate.

"The [Commission] needs to adopt a strict definition of open standards, along the lines of the first European Interoperability Framework," said Karsten Gerloff, president of the Free Software Foundation Europe. "The Commission needs to put open standards at the heart of its strategy for the public sector's IT systems. Only with the competition that open standards enable will we tap the full potential of free software for European innovation."

The Agenda commits the Commission to an increase in funding for research in information and communication technologies. It said it wanted a far greater penetration of superfast broadband internet networks, but did not pledge money to build the networks, only saying that it would "explore how to attract investment in broadband through credit enhancement mechanisms and will give guidance on how to encourage investments in fibre-based networks".

"The digital world affects us all – there is no choice about that," said Kroes. "But we can take the decision to use these changes to boost European growth, jobs and the well-being of our citizens. That is the decision the Commission is taking today, and we call on all those with a stake in this digital future for Europe to join us in moving forward."

Editor's note, 21/05/2010: Our original article suggested that Karsten Gerloff was part of the Free Software Foundation (FSF). He isn't: he's with the Free Software Foundation Europe, which is an independent sister organisation of the FSF in the US.

Also, our original intro said that the European Commission would ensure that device and software makers embrace open standards. That was inaccurate. After our story was published, Karsten pointed out:

During the negotiations within the EC about the Digital Agenda, Open Standards were at the center of a heated battle between different Directorates General and interest groups. In the published result, you will note that the agenda does not contain the term 'open standard' -- it only talks about 'standards'". This is one of several aspects where the published communication falls behind earlier drafts seen by FSFE, and sadly matches the way in which the European Interoperability Framework is being watered down by the Commission, to the dismay of a number of Member States (see a comparison of various draft EIF revisions).

Consequently, we've changed the reference in our intro to 'standards' instead of 'open standards'.

We apologise for the inaccuracies in our original report.

See: The Digital Agenda (42pg/316kb pdf)

Copyright © 2010, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.