Category Archives: legislation

Cyber security top of the list for European Commission after launch of €1.8bn initiative

EuropeThe European Commission has launched a new public-private partnership aimed at tackling the challenges of cyber security, and helping European companies become more competitive, reports

As part of the partnership, the EC will invest roughly €450 million, and will encourage industry to contribute healthily, targeting a total investment of €1.8 billion by 2020. The new initiative will take form through four pillars.

Firstly, the EC will encourage member states to make the most of the cooperation mechanisms under the new Network and Information Security (NIS) directive. Secondly, the EC will explore the possibility of creating a framework for certification of security products, which can then be distributed in any member state. Thirdly, the EC will establish a contractual public-private partnership with industry to nurture innovation. And finally, the team will create funds to enable SME’s to source investment and scale up.

“Europe needs high quality, affordable and interoperable cybersecurity products and services,” said Günther H. Oettinger, Commissioner for the Digital Economy and Society. “There is a major opportunity for our cybersecurity industry to compete in a fast-growing global market. We call on Member States and all cybersecurity bodies to strengthen cooperation and pool their knowledge, information and expertise to increase Europe’s cyber resilience. The milestone partnership on cybersecurity signed today with the industry is a major step.”

The new strategy builds on the EC’s ‘Open, Safe and Secure Cyberspace’ strategy which was launched in 2013 to ‘protect open internet and online freedom and opportunity’. While the initiative has launched a number of new legislative actions, there would appear to be little evidence much else has been achieved aside from ‘ensuring cooperation’, ‘ensuring a culture of security’ and ‘stepping up cooperation across Europe’. While previous work has been generalist and vague, the new proposition does at least offer encouragement there will be more concrete work achieved.

The NIS directive will support strategic cooperation and exchange of relevant information between member states, as well as creating a number of new bodies including EU Agency for Network and Information Security (ENISA), EU Computer Emergency Response Team (CERT-EU) and European Cybercrime Centre (EC3) at Europol. The plan will be to deliver a blueprint during the first half of 2017, and then deliver the initiative in an undefined timeframe. The EC has outlined a specific plan, though the lack of a timeframe seemingly removes some of the gained credibility.

“Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders,” said Andrus Ansip, Vice-President for the Digital Single Market. “Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”

UK Competition and Markets Authority gives cloud providers a telling off

The seamstress the neck sews clothes in the StudioThe Competition and Markets Authority (CMA) is concerned a proportion of cloud storage providers could breach consumer protection law in their terms and conditions, as well as business practises.

Alongside the report, the CMA has sent an open letter to all cloud providers outlining guidance on how the organization can ensure they remain true to the Consumer Rights Act 2015, as well as advice to consumers on the topic.

The concerns are mainly focused around three areas. Firstly, some cloud providers are currently able to change the service or the terms of the contract without giving customers prior notice. Secondly, the cloud provider currently has the ability to suspend or terminate the contract without notice for any reason. And finally, cloud providers are able to automatically renew a contract at the end of a fixed term without giving notice or withdrawal rights.

“Cloud storage offers a convenient means of keeping family photos, favourite music and films and important documents safe, and accessing them quickly from any device,” said Nisha Arora, CMA Senior Director for Consumer. “Our review found that people find these services really valuable. However, we also heard some complaints resulting from unfair terms in contracts. If left unchanged, these terms could result in people losing access to their treasured possessions or facing unexpected charges.

“In this rapidly-developing market, it’s important that we act now to ensure that businesses comply with the law and that consumers’ trust in these valuable services is maintained. We welcome the fact that a number of companies have already agreed to change their terms, and expect to see improvements from other companies.”

Although the CMA has not confirmed which cloud providers were potentially in breach of consumer protection law, it did comment Dixons Carphone, JustCloud and Livedrive have committed to changing their terms, as well as business practises.

The CMA also commented that while they were confident there would not be any breaches of consumer protection law following the report, any non-compliance in the future could lead to enforcement action and the CMA could apply to a court for an enforcement order. If that were breached it could be contempt of court and lead to an unlimited fine.