EC plans stronger data protection and copyright laws

Digital Agenda pushes standards


Updated The European Commission will strengthen legal protections for personal data, reform copyright law and ensure that device and software makers embrace standards, it said when outlining its new digital policies.

The Commission will also consider forcing companies to tell users and customers when their systems have been breached and personal data has been lost, stolen or exposed.

The Commission has published its Digital Agenda, the series of aims which will guide its legislating and policy formation activities in the next 10 years.

"We must put the interests of Europe's citizens and businesses at the forefront of the digital revolution and so maximise the potential of Information and Communications Technologies (ICTs) to advance job creation, sustainability and social inclusion", said Commission vice president for the digital agenda Neelie Kroes. "The ambitious strategy set out today shows clearly where we need to focus our efforts in the years to come. To fully realise the potential of Europe's digital future we need the full commitment of Member States, the ICT sector and other vital economic players."

The Commission's priorities include changing copyright law to make cross-border trade in digital goods and services more widespread, it said.

"Citizens should be able to enjoy commercial services and cultural entertainment across borders. But EU online markets are still separated by barriers which hamper access to pan-European telecoms services, digital services and content," said a Commission statement on the Agenda. "Today there are four times as many music downloads in the US as in the EU because of the lack of legal offers and fragmented markets. The Commission intends to open up access to legal online content by simplifying copyright clearance, management and cross-border licensing. Other actions include making electronic payments and invoicing easier and simplifying online dispute resolution."

The Commission's plan also includes a proposal to strengthen data protection law to cultivate trust in online services.

"Europeans will not embrace technology they do not trust – they need to feel confident and safe online," said the Commission statement. "A better coordinated European response to cyber-attacks and reinforced rules on personal data protection are part of the solution. Actions could also potentially oblige website operators to inform their users about security breaches affecting their personal data."

The proposals include plans to investigate whether more companies should be subject to a security breach notification law. New telecoms legislation passed in the EU last year ordered telecoms providers to tell customers if the security of their personal data had been compromised. The Commission could extend this to other kinds of companies.

"As part of the modernisation of the EU personal data protection regulatory framework to make it more coherent and legally certain, [we will] explore the extension of security breach notification provisions," said the Digital Agenda.

The Agenda identifies seven areas for action. These are: creating a digital Single Market, greater interoperability, boosting internet trust and security, much faster internet access, more investment in research and development, enhancing digital literacy skills and inclusion, and applying information and communications technologies to address challenges facing society like climate change and the ageing population.

The Digital Agenda itself is made up of 100 actions that the Commission will take, 31 of which involve changing EU law, the Commission said.

It said it will "improve" standard-setting so that technologies are more likely to work together. Standards are set by industry on a voluntary basis to help devices work together and to lower manufacturing and design costs by the use of standardised components or technologies.

Open standards lobbying body the Free Software Foundation said, though, that the Commission's planned action on standardisation was inadequate.

"The [Commission] needs to adopt a strict definition of open standards, along the lines of the first European Interoperability Framework," said Karsten Gerloff, president of the Free Software Foundation Europe. "The Commission needs to put open standards at the heart of its strategy for the public sector's IT systems. Only with the competition that open standards enable will we tap the full potential of free software for European innovation."

The Agenda commits the Commission to an increase in funding for research in information and communication technologies. It said it wanted a far greater penetration of superfast broadband internet networks, but did not pledge money to build the networks, only saying that it would "explore how to attract investment in broadband through credit enhancement mechanisms and will give guidance on how to encourage investments in fibre-based networks".

"The digital world affects us all – there is no choice about that," said Kroes. "But we can take the decision to use these changes to boost European growth, jobs and the well-being of our citizens. That is the decision the Commission is taking today, and we call on all those with a stake in this digital future for Europe to join us in moving forward."

Editor's note, 21/05/2010: Our original article suggested that Karsten Gerloff was part of the Free Software Foundation (FSF). He isn't: he's with the Free Software Foundation Europe, which is an independent sister organisation of the FSF in the US.

Also, our original intro said that the European Commission would ensure that device and software makers embrace open standards. That was inaccurate. After our story was published, Karsten pointed out:

During the negotiations within the EC about the Digital Agenda, Open Standards were at the center of a heated battle between different Directorates General and interest groups. In the published result, you will note that the agenda does not contain the term 'open standard' -- it only talks about 'standards'". This is one of several aspects where the published communication falls behind earlier drafts seen by FSFE, and sadly matches the way in which the European Interoperability Framework is being watered down by the Commission, to the dismay of a number of Member States (see a comparison of various draft EIF revisions).

Consequently, we've changed the reference in our intro to 'standards' instead of 'open standards'.

We apologise for the inaccuracies in our original report.

See: The Digital Agenda (42pg/316kb pdf)

Copyright © 2010, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.


Other stories you might like

  • Will this be one of the world's first RISC-V laptops?
    A sneak peek at a notebook that could be revealed this year

    Pic As Apple and Qualcomm push for more Arm adoption in the notebook space, we have come across a photo of what could become one of the world's first laptops to use the open-source RISC-V instruction set architecture.

    In an interview with The Register, Calista Redmond, CEO of RISC-V International, signaled we will see a RISC-V laptop revealed sometime this year as the ISA's governing body works to garner more financial and development support from large companies.

    It turns out Philipp Tomsich, chair of RISC-V International's software committee, dangled a photo of what could likely be the laptop in question earlier this month in front of RISC-V Week attendees in Paris.

    Continue reading
  • Did ID.me hoodwink Americans with IRS facial-recognition tech, senators ask
    Biz tells us: Won't someone please think of the ... fraud we've stopped

    Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam.

    ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax records in the future. After a public backlash, the IRS reconsidered its plans, and said taxpayers could choose non-biometric methods to verify their identity with the agency online.

    Just before the IRS controversy, ID.me said it uses one-to-one face comparisons. "Our one-to-one face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use one-to-many facial recognition, which is more complex and problematic. Further, privacy is core to our mission and we do not sell the personal information of our users," it said in January.

    Continue reading
  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading

Biting the hand that feeds IT © 1998–2022