On 24 March 2017, the European Commission’s Scientific Advice Mechanism published an independent scientific opinion on cyber security in the Digital Single Market to aid EU-level policy makers. The opinion includes ten broad recommendations for simplifying and securing online operations undertaken by people and businesses throughout the EU, including:
- Cryptography – ensure that standards in the EU reach and remain at state-of-the-art levels. “Back doors” and other ways of weakening encryption should be avoided.
- Systems engineering approach – for example, security and privacy by design and default.
- Technical vulnerabilities – provide economic and legal incentives to encourage the disclosure and repair of vulnerabilities. A “duty of care” on software providers to consumers is recommended.
- Contextual identity – promote context-tailored digital identities, whereby users are only required to provide necessary data, to help strengthen privacy.
- Cyber security awareness – promote data-literacy education.
- User choice – give users well-informed options including the opt-out right not to be profiled and the right to be forgotten.
- Cyber security industry – supporting areas such as data transfer and network technologies, the protection of metadata, and cloud-based data storage and processing will help to increase job creation as well as enhancing the security of digital systems for citizens in the EU.
- Training – promote cyber security education and the development of a systems design model which incorporates security from the start.
- Evidence collection and sharing – improve cooperation among EU Member States as well as national entities (e.g. Computer Emergency Response Teams).
- EU and the world – a strong governance framework and respecting the fundamental rights of EU citizens are the bases for placing Europe at the forefront of cyber security in the global digital economy.
The scientific opinion will feed into the Commission’s 2017 actions on cyber security, although the extent to which the UK will continue to benefit from any of these actions following Brexit remains unclear. The UK’s European Scrutiny Committee has requested a clear legal assessment from the UK government as to which of the EU’s Digital Single Market initiatives could be achieved through UK domestic law and which would require a bilateral agreement following Brexit.