Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security

eco the Association of the sees itself as lobbyist and supporter of all companies that are involved in the economic creation of value on or with the Internet. The association currently represents around 700 member organizations. This includes, among others, ISPs (Internet Service Providers), carriers, hardware and software suppliers, content and service providers, and communication companies. eco is, as a result, the largest national Internet Provider Association in Europe.

On the national and the international level, there have been and continue to be intentions to create further legal regulations with regard to IT Security. At the federal level, the Federal Ministry for the Interior presented a draft law on the increase in security of Information Technology systems on 5 March 2013. On 14 June 2013, a hearing on the topic took place, in which eco also took the opportunity to state its position. The legislative process for the draft of an IT Security Law was, however, not completed before the election for the 18th term of the German Federal Parliament. At the European level, the EU Commission introduced a draft directive on measures for the guarantee of a collective high level of network and information security in February 2013, the legislative process of which can be completed after the election of the new European Parliament.

In the coalition contract, the German Federal Government came to an agreement on the establishment of an IT Security law. In addition to this, the Federal Government secured numerous mandates and audit engagements with regard to IT Security in the coalition contract. The individual points:

- The Federal Government wants to advocate a European Cyber-Security strategy; the intention is to harmonize the framework conditions for IT Security at the European level, which is also supposed to apply to a standardization of IT Security.
- Minimum requirements would be created for the IT Security of critical infrastructure and a duty to report significant IT Security incidents.
- Offers for national and European routing would be examined.
- For Internet Service Providers, a duty to notify would be introduced if evidence of malware or other abuses arises among their customers.
- IT manufacturers and service providers would be liable for data protection or IT Security deficiencies in their products.
- European telecommunication providers would be obliged to encrypt their communication connections, at least within the EU.
- It would be ensured that European telecommunication providers are not permitted to forward their data to foreign secret service agencies.
- The Federal Government wants to advocate a strengthening of the transparency of the standardization committee and a stronger German participation in this and other international committees, especially those concerning Internet architecture and Internet Governance.
- The development of reliable IT and network infrastructure would be supported.
- IT and Telecommunication Security would be brought together. For this, the Federal Office for Information Security (BSI) would be strengthened in its tasks, competencies and resources, as the national IT Security authority.
- Certification for Cloud infrastructure and other security-relevant systems and services is suggested.
- The further development and distribution of chip card readers, cryptography, D and other secure end-to-end encryption, along with trustworthy software, would be expanded.

Against the backdrop of the new draft announced by the Federal Government and the agreements to that effect in the coalition contract, eco wishes to take the opportunity to present the position of the Internet industry:

Summary of the Positions:

- Avoid unilateral national actions, observe responsibilities, establish European and international standards.
- Clear legal definitions are necessary, in order to ensure legal certainty.
- Risk-based determination of scope in accordance with existing industry-specific obligations.
- No expansion of the existing duty to report for operators of telecommunication networks and services.
- No expansion of the liability of telemedia service providers.
- Voluntary, encrypted and anonymous reporting, on the basis of existing exchange of information.
- Notification of customers by Internet Service Providers of evidence of malware can be expedient if it is undertaken voluntarily. However, a rigid, bureaucratic duty of notification is rejected by the Internet industry as ineffective and unfeasible.
- Legal obligations for regional routing should be examined critically and in detail for their usefulness.
- Determine industry-specific minimum requirements through self-regulation.
- Support end-to-end encryption.

I. General Information

Avoid unilateral national actions, observe responsibilities

IT Security has been an essential topic for years for the Internet industry. In Germany there is a higher than average level of security in comparison to other countries. This can essentially be attributed to partnership projects between industry and the state at the national and European levels, and to initiatives from the Internet industry. However, the responsibility for a high level of IT Security is, as with all security issues, a task for the whole society. Therefore, in the center of the Federal Government's plans should be the state's own obligation to protect and its own responsibility for the maintenance of IT Security, offensives for research, development and education in the area of IT Security, and the raising of the civil society's awareness of the issue of IT Security.

The surveillance scandal surrounding the revelations about the activities of the NSA demonstrates that IT Security means not only national, but also international responsibility, and that the Internet industry, despite all the efforts to create a high level of IT Security, has its limits set by politics. In addition, IT Security in the age of ubiquitous networks cannot be guaranteed through national regulation and/or regionally limited protection measures. IT Security requires, rather, international regulations and standards and cross-border protection measures.

With regard to the European legislative intentions for a directive on measures to ensure a common high level of network and information security (NIS Directive), there must be agreement and the interlocking of responsibilities and regulations. Any idea of Germany taking unilateral action that does not contribute to legal clarity should be fundamentally re-thought by the Federal Government.

II. In Detail

1. On the suggestion to create binding minimum requirements for the IT Security of critical infrastructure, and the obligation to report substantial IT Security incidents

With regard to the continuously growing and new challenges in the maintenance of IT Security and the high dependence of German industry on a functioning IT infrastructure, eco welcomes in principle the intentions of the Federal Government to support industry in the raising of IT Security. Legal regulations for the area KRITIS can provide added support. In particular, the potential danger of an outage warrants the far-reaching obligations for operators.

Clear legal definitions

It is necessary to have a clear legal definition of KRITIS. The defining criteria for critical infrastructure should be set in law, with regard to the consequences for those affected. In addition, clear legal specifications are necessary with regard to minimum requirements for the maintenance of IT Security. Also necessary is a precise definition of the elements of an offence which will trigger the duty to report. A practical definition of a significant IT Security incident needs to be found. The scope should be cross-sector, oriented at the security risk for the provider or service provider, in accordance with existing sector-specific security specifications.

No expansion of the existing duty to report for operators of telecommunication networks and services

An increase in legal obligations alone will not lead to higher security. The currently occurring exchange of information on security incidents is necessary, and is in the best interests of the entire Internet industry. New duties to report would therefore need to be practicable and economically feasible.

The Internet industry takes an exceptionally critical view of the expansion of the duty to report for the operators of publicly accessible telecommunication services, over and above the existing obligation to report disruptions with considerable impact on the operation of the network or on the provision of services (§ 109 Abs. 5 S. 1 TKG), or that involve the violation of the protection of personal data (§ 109a Abs. 1 TKG). With regard to the goal to create a better overview of the IT Security situation, which the legislative authority is seeking to achieve with these legal obligations, a legal obligation to report all IT Security incidents that could lead to an interruption of the availability or to unauthorized access to the user's systems [1] is not necessary and, as a result, not justified. While the existing obligation to report violations of the protection of personal data is justified on the grounds of the subject of protection, namely the privacy of the affected person, such a legal obligation for all IT Security incidents is unnecessary, with regard to the purpose of the regulation, which is the Federal Government's gaining of better information about the current IT Security situation. Voluntary reporting is sufficient for the purpose, and is a less intrusive, milder means.

[1] As applied in the draft for an IT Security law from 5 March 2013

Voluntary, anonymous and encrypted reporting

eco is of the opinion that the existing voluntary information system, which today consists of a network of public and private CERTs, with the involvement of the BSI and institutions like the Alliance for Cybersecurity and the Advanced Cyber Defence Center, should be expanded and supported. In order to protect company data, reporting should be anonymous and encrypted, which will make an effective and, above all, trustworthy information exchange possible.

Legally secure exchange of information

It is also necessary to examine the legality of data protection and competition law permissions, to ensure or to clarify that the forwarding of information does not incur an increased risk of liability. Reporting should also not be allowed to be connected to higher operative or technical security risks.

2. On the deliberations with regard to legal obligations for regional routing of data traffic

The multifaceted deliberation for regional routing of the data traffic must be examined in detail and critically by the Federal Government, on the grounds of the complexity of the questions related to the discussion. Decisive criteria of such an examination should be its practicability and implementability, taking into account the realities of the network infrastructure. In particular, this should take into account the related technical, legal and economic implications and consequences.

Due to the effects on all companies that are involved in the creation of economic value on or with the Internet, eco sees it as its task to encourage a more objective discussion on the topic, and to provide an informed basis. To achieve this, eco will initiate a direct dialog and exchange between those involved. The goal of the discussion should be to make an appraisal with regard to the technical and economic implementability of this issue, and to present this in writing. With this, eco wants to provide a constructive contribution, to give the existing discussion a broader foundation, and to make the discussion more objective.

3. On the suggestion to introduce a duty to notify for Internet providers if evidence of malware or other abuses arises among their customers

eco rejects a legal obligation for the telecommunications providers to inform such users of disturbances originating from their data processing systems. The intended duty of notification laid out in the draft from 5 March 2013 emerged as a universal consultancy project which, on this extensive scale, will be an obligation that particularly small and medium-sized providers will not be able to fulfill. A restriction to technically possible and reasonable cases would also not be suitable, as this would not limit with sufficient legal certainty the provider's obligation to act.

eco also rejects an expansion of the technical responsibility for the protection of ICT systems to all providers in the application area of the Telemedia law (TMG) that are operating on a professional level. In the draft from 5 March 2013, the group of people affected is, with regard to the variety of offers from telemedia services, too broadly defined and too indefinite. Here, the sovereignty over the ICT service alone could be a starting point. The justified concern over the growing dissemination of malware through telemedia services must not lead to the unlimited responsibility of telemedia providers for the technical infrastructure.

The Internet industry finds at the very least questionable the justification contained in the draft law from 5 March 2013 that legal terms like reasonableness allow flexible adjustment through case law. Before the industry and the courts are forced into long and costly legal proceedings, it would be preferable to develop more precise regulations.

Support existing activities

eco advocates, rather, that existing activities of the industry, such as the Anti-Botnet Advisory Center, the Initiative-S and the Advanced Cyber Defence Center, be further supported and networked. The initiatives have resulted in a significant reduction in the number of infected computers of private users. Self-regulatory initiatives are based on the practical experience of the industry and are, unlike legal regulations, capable of bringing measures to those places where they seem most necessary. Unclear legal obligations do not automatically lead to better results.

On the suggestion to expand the liability of IT producers and service providers

eco is critical of the Federal Government's proclamation contained within the coalition contract of their desire to expand the liability of IT manufacturers and service providers. With regard to the assumption of a liability-gap in this area, which forms the basis for the proclamation, eco would like to point to the legal obligations for liability which exist alone as a result of the legal relations between supplier and user, and to the Product Liability Act (Produkthaftungsgesetz). With regard to an expansion of the liability of telecommunications providers, we refer to the remarks under Point

On the suggestion for a legal obligation for TC operators for the encryption of their communications connections

Here, it is firstly necessary to differentiate between the encryption of individual communication paths and an end-to-end encryption of the entire communication path. We reject as neither practicable nor constructive a legal obligation for TC network operators to encrypt individual communication paths. In contrast, the support of secure end-to-end encryption is a sensible approach to the raising of IT Security, specifically because of the increase in the effort required for many threat-scenarios, from common criminals through to secret services. Here it should be taken into account that in the implementation of end-to-end security, the end-devices, which are under the control of the user, must be incorporated.

Overall, it is to be desired that the transmission of unencrypted data will reduce. However, we reject on principle a legal obligation for this. The focus of the Federal Government in such intentions should rather be the support of practical end-to-end encryption, encryption services and encryption applications, in particular for users. Overall, it is necessary to encourage the awareness for IT Security within the entire society.

5. On the suggestion to guarantee the non-forwarding to European secret services

At the European and international levels, the Federal Government must advocate for the enactment of an agreement which mandatorily controls the authority and the limits of the activities of secret services and security agencies and the enforcing of liability and obligations of ICT companies through these agencies. This also concerns especially the handling of cross-border data retention and data processing.


COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' EUROPEAN COMMISSION Brussels, 2.7.2014 SWD(2014) 214 final COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying

More information

Lobbying: Sweet Smell of Success?

Lobbying: Sweet Smell of Success? Lobbying: Sweet Smell of Success? A case study on the transparency of lobbying around sugar regulation in the European Union and Spain 1. Introduction It is essential that government decision making be

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

Memorandum Cybersecurity - how should the legislation meet the new challenges?

Memorandum Cybersecurity - how should the legislation meet the new challenges? ! Moderator: Carlo Schüpp! Non-Executive Director and cofounder of LSEC! In his opening comments, the moderator Mr Schüpp suggested that many of the issues surrounding cybersecurity are linked to the fact

More information

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER) CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES GERMANY September 2007 Kapitel 1 www.coe.int/gmt A. National policy 1. Is there a national policy

More information

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

NB: Unofficial translation, legally binding only in Finnish and Swedish

NB: Unofficial translation, legally binding only in Finnish and Swedish NB: Unofficial translation, legally binding only in Finnish and Swedish Ministry of Employment and the Economy, Finland Act on Authorised Industrial Property Attorneys (22/2014) In accordance with a decision

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD

CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD The 2011 2015 Cyber Security Strategy of the Czech Republic is linked to the Security Strategy of the Czech Republic and reflects

More information

What are you trying to secure against Cyber Attack?

What are you trying to secure against Cyber Attack? Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally

More information

The Cloud and Cross-Border Risks - Singapore

The Cloud and Cross-Border Risks - Singapore The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: 1.0 Date: October 2013 Table of Contents 1 Introduction The need for a Data Protection Policy... 3 2 Scope... 3 3 Principles... 3 4 Staff Roles & Responsibilities... 4 5

More information

protection rights are limited. protection rights are limited.

protection rights are limited. protection rights are limited. Score: 44.09 Rank: 22 / 24 Brazil is a fast-growing economy that recognizes the importance of ICT and the digital economy. However, some gaps in law and regulation have acted as barriers to ICT innovation

More information

Licensing Options for Internet Service Providers June 23, 2001 Updated September 25, 2002

Licensing Options for Internet Service Providers June 23, 2001 Updated September 25, 2002 Licensing Options for Internet Service Providers June 23, 2001 Updated September 25, 2002 Some countries require Internet Service Providers ( ISPs ) to obtain government- issued licenses before commencing

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity

More information

GENERAL TERMS OF SALE

GENERAL TERMS OF SALE GENERAL TERMS OF SALE PREAMBLE These General Terms of Sale govern all services provided by PASSWORD EUROPE, regardless of their content, form or where they are performed, including, but not limited to,

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Terms and Conditions for PDF24-Fax-Service

Terms and Conditions for PDF24-Fax-Service THIS TRANSLATION IS FOR YOUR INFORMATION ONLY! THE LEGALLY BINDING DOCUMENT ARE THE TERMS OF USE IN GERMAN, CF. FIGURE 6.2 OF THE TERMS OF USE Terms and Conditions for PDF24-Fax-Service 1 General (1) The

More information

Country: Canada. Score: 75.79 Rank: 9/24

Country: Canada. Score: 75.79 Rank: 9/24 Score: 75.79 Rank: 9/24 Canada is a world leader in ICT adoption and innovation and has played a leading role in the development of international standards. It has a strong commitment to free trade and

More information

Regulation of Investigatory Powers Act 2000

Regulation of Investigatory Powers Act 2000 Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice 6 February 2015 Ministerial Foreword The abilities to read or listen

More information

DATA PROTECTION LAWS OF THE WORLD. India

DATA PROTECTION LAWS OF THE WORLD. India DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,

More information

Digital Agenda for Europe Cartagena de Indias, September 1, 2015

Digital Agenda for Europe Cartagena de Indias, September 1, 2015 Digital Agenda for Europe Cartagena de Indias, September 1, 2015 Javier Huerta Bravo From the Digital Agenda (2010)... Commission ICT strategy for 2010-2020 Problems identified: Lack of investment in networks

More information

Legal session: copyright status of statistical data, privacy issues

Legal session: copyright status of statistical data, privacy issues Legal session: copyright status of statistical data, privacy issues JISC Usage Statistics Workshop Pr o f. Dr. Mic h ael S ead l e 1 Statistics as Facts Copyright protects expression, not fact. Facts per

More information

RE: ITI s Comments on Korea s Revised Proposed Bill for the Development of Cloud Computing and Protection of Users

RE: ITI s Comments on Korea s Revised Proposed Bill for the Development of Cloud Computing and Protection of Users July 3, 2013 Jung-tae Kim Director Smart Network & Communications Policy Division Ministry of Science, ICT, and Future Planning (MSIP) Via e-mail to: kchu@msip.go.kr RE: ITI s Comments on Korea s Revised

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

The newly adopted Luxembourg Law on electronic archiving. Luxembourg has taken a crucial step towards a paperless office.

The newly adopted Luxembourg Law on electronic archiving. Luxembourg has taken a crucial step towards a paperless office. The newly adopted Luxembourg Law on electronic archiving Luxembourg has taken a crucial step towards a paperless office. In July 2015, after two years of discussions, the Law relating to electronic archiving

More information

Council of the European Union Brussels, 5 March 2015 (OR. en)

Council of the European Union Brussels, 5 March 2015 (OR. en) Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:

More information

A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries

A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries Questions marked with an asterisk * require an answer to be given.

More information

This letter is to provide you with our views on the minimum criteria for the impact assessment and subsequent legislative proposal.

This letter is to provide you with our views on the minimum criteria for the impact assessment and subsequent legislative proposal. Dear Commissioner Malmström, As you know, we have been closely involved in consultations with the European Commission with regard to the impact assessment on, and probable review of, the Data Retention

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE

More information

Data Privacy & Security in the Cloud: Legal Basics and New Developments

Data Privacy & Security in the Cloud: Legal Basics and New Developments Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data

More information

Clients Legal Needs in HIPAA Security Compliance

Clients Legal Needs in HIPAA Security Compliance Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance

More information

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security

More information

Vijay Pal Dalmia, Advocate Delhi High Court & Supreme Court of India

Vijay Pal Dalmia, Advocate Delhi High Court & Supreme Court of India Intellectual Property & Information Technology Laws Division Flat No 903, Indra Prakash Building, 21, Barakhamba Road, New Delhi 110001 (India) Phone: +91 11 42492532 (Direct) Phone: +91 11 42492525 Ext

More information

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 to the Public Consultation of the European Commission on Standards in the Digital : setting priorities

More information

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament September 5, 2012 Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament Lara Comi Rapporteur, Committee on Internal market and Consumer Protection

More information

VoIP Enhanced 911 and Enhanced Wireless 911 Service

VoIP Enhanced 911 and Enhanced Wireless 911 Service VoIP Enhanced 911 and Enhanced Wireless 911 Service This Act deals with enhanced wireless 911 services and Voice over Internet Protocol (VoIP). The bill defines terms that are specific to enhanced wireless

More information

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

Comments and proposals on the Chapter II of the General Data Protection Regulation

Comments and proposals on the Chapter II of the General Data Protection Regulation Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

CROATIAN PARLIAMENT 1364

CROATIAN PARLIAMENT 1364 CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on

More information

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, 28-29 JUNE 2011 The Seoul Declaration on the Future of the Internet Economy adopted at the 2008 OECD

More information

California s New Hacker Disclosure Law and its Potential Impact on Canadian Businesses

California s New Hacker Disclosure Law and its Potential Impact on Canadian Businesses Reprinted from The Lawyers Weekly, August 15, 2003 California s New Hacker Disclosure Law and its Potential Impact on Canadian Businesses Berkley D. Sells Fasken Martineau DuMoulin LLP A California law

More information

Do you have a private life at your workplace?

Do you have a private life at your workplace? Do you have a private life at your workplace? Privacy in the workplace in EC institutions and bodies Giovanni Buttarelli In the course of his supervisory activities, the EDPS has published positions on

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

European Commission Consultation document on Voice over IP

European Commission Consultation document on Voice over IP STELLUNGNAHME European Commission Consultation document on Voice over IP This paper provides the eco comment on the European Commission consultation document. eco is the association of German internet

More information

15229/2/15 REV 2 KM/ek 1 DG E2B

15229/2/15 REV 2 KM/ek 1 DG E2B Council of the European Union Brussels, 18 December 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 15229/2/15 REV 2 NOTE From: To: Presidency Permanent Representatives Committee TELECOM 232 DATAPROTECT

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information