Our lives will be more and more influenced by technology, from widely used internet-connected consumer products to major infrastructure. While this is exciting, it is also a reason for concern, since cyber-attacks can lead to breaches of our privacy as well as to financial or other types of damage.
This illustrates the importance of making decisive and timely progress towards privacy and security by design. We need to get away from the current situation in which in particular security considerations still often come at the end of the design process.
The General Data Protection Regulation already establishes the principle of “data protection by design”, requiring that data protection be taken into account from the moment any new data processing is considered. The Commission’s proposal for an ePrivacy Regulation also includes the concept of privacy by design by introducing an obligation for software to allow users to choose between privacy settings.
Regarding security, we have not yet achieved this level of formality. Yet, given the close and often causal link between security and privacy risks, we must pursue also this aspect with urgency.
In the Cybersecurity Act, the Commission has proposed to set up an EU voluntary cybersecurity certification framework. Negotiations with the European Parliament and the Council have started and the proposal should become law in early 2019 at the latest. The concrete cybersecurity certification schemes to be agreed under this framework, coupled with independent verification of compliance, will enhance the level of security of the concerned digital products and services across the Union. They will do so because manufacturers will incorporate security features in the early stages of technical design and development, and by enabling users to check and understand the level of security assurance.
More recently, the European Commission has proposed the creation of a European Cybersecurity Competence Centre and a Network of cybersecurity competence centres in the Member States. Here, the aim is to better tap into existing expertise and to coordinate available funding for cybersecurity research and innovation as well as for capacities building and support to deployment of cybersecurity technology across the economy. We also want to create more synergies between the public and private sectors and the European and Member State levels. This is an area where “more Europe” is necessary in order to be successful.
We therefore count on the support of the European Parliament and of our Member States to these ambitious proposals, including the proposals for the next multi-annual budget of the EU.
Mariya Gabriel is the European Commissioner for Digital Economy and Society. She is responsible for preparing proposals for the completion of a connected Digital Single Market and for facilitating the adoption of all legislative proposals presented by the Commission in this respect. She is also in charge of developing and implementing measures to make Europe more trusted and secure online for the benefits of citizens and businesses. Prior to this she held different positions with the EPP Group in the European Parliament, including Vice-President of the groupe between 2014 and 2017. She holds aMaster in Comparative Politics and International Relations from the Bordeaux Academy for Political Science, a Certificate in Political Science, from IEP Bordeaux, and a BA in Bulgarian and French Languages from Paisii Hilendarski Plovdiv University, Bulgaria