Following the Commission Recommendation for a common European approach to the security of 5G networks, 24 EU Member States have now completed the first step and submitted national risk assessments. These assessments will feed into the next phase, a EU-wide risk assessment which will be completed by 1 October. Commissioner for the Security Union, Julian King, and Commissioner for the Digital Economy and Society, Mariya Gabriel, welcomed this important step forward and said:
“We are pleased to see that most Member States have now submitted their risk assessments. Following the support expressed by the European Council on 22 March for a concerted approach, Member States responded promptly to our call for concrete measures to help ensure the cybersecurity of 5G networks across the EU. The national risk assessments are essential to make sure that Member States are adequately prepared for the deployment of the next generation of wireless connectivity that will soon form the backbone of our societies and economies.
We urge Member States to remain committed to the concerted approach and to use this important step to gain momentum for a swift and secure rollout of 5G networks. Close EU-wide cooperation is essential both for achieving strong cybersecurity and for reaping the full benefits, which 5G will have to offer for people and businesses.
The completion of the risk assessments underlines the commitment of Member States not only to set high standards for security but also to make full use of this groundbreaking technology. We hope that the outcomes will be taken into account in the process of 5G spectrum auctions and network deployment, which is taking place across the EU now and in the coming months. Several Member States have already taken steps to reinforce applicable security requirements while others are considering introducing new measures in the near future.
We need all key players, big and small, to accelerate their efforts and join us in building a common framework aimed at ensuring consistently high levels of security. We look forward to continuing our close cooperation with Member States as we begin the work on an EU-wide risk assessment, due to be complete by 1 October, that will help to develop a European approach to protecting the integrity of 5G.”
National risk assessments include an overview of:
· the main threats and actors affecting 5G networks;
· the degree of sensitivity of 5G network components and functions as well as other assets; and
· various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.
In addition, the work on national risk assessments involved a range of responsible actors in the Member States, including cybersecurity and telecommunication authorities and security and intelligence services, strengthening their cooperation and coordination.
Based on the information received, Member States, together with the Commission and the EU Agency for Cybersecurity (ENISA), will prepare a coordinated EU-wide risk assessment by 1 October 2019. In parallel, ENISA is analysing the 5G threat landscape as an additional input.
By 31 December 2019, the NIS Cooperation Group that leads the cooperation efforts together with the Commission will develop and agree on a toolbox of mitigating measures to address the risks identified in the risk assessments at Member State and EU level.
Following the recent entry into force of the Cybersecurity Act at the end of June, the Commission and the EU Agency for Cybersecurity will set up an EU-wide certification framework. Member States are encouraged to cooperate with the Commission and the EU Agency for Cybersecurity to prioritise a certification scheme covering 5G networks and equipment.
By 1 October 2020, Member States should assess in cooperation with the Commission, the effects of measures taken to determine whether there is a need for further action. This assessment should take into account the coordinated European risk assessment.
Fifth generation (5G) networks will form essential digital infrastructure in the future, connecting billions of objects and systems, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems.
The European Commission recommended on 26 March 2019 a set of concrete actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures, following the support from Heads of State or Government for a concerted approach to the security of 5G networks.
The Commission called on Member States to complete national risk assessments and review national measures as well as to work together at EU level on a coordinated risk assessment and a common toolbox of mitigating measures.
Creating a common approach to the digital economy and Industry 4.0
The United Nations Industrial Development Organization (UNIDO) participated in a forum of the Commonwealth Telecommunications Organisation (CTO) to discuss how international organizations can promote the development of the ICT infrastructure and new technologies in order to realize digital economies.
Mr. Bernardo Calzadilla-Sarmiento, UNIDO’s Director of the Department of Trade, Investment and Innovation, highlighted UNIDO’s role and functions in leveraging the potential of Industry 4.0 to meet the sustainable development goals (SDGs). Technical cooperation, developing new norms and standards, and the convening of stakeholders and partnerships to share best practices are ways of enabling this.
“Industry 4.0 is going to bring about far reaching changes and governments must implement best practices to address these important challenges.”
More than a dozen international bodies took part in the forum, including the African Union, ASEAN, the OECD and the World Economic Forum, who all agreed that public-private partnerships are key to combat the existing digital divide, both in terms of infrastructure and technical solutions, which include building capacities and using innovation in ICT.
The International Telecommunication Union further highlighted the need to support the development of and harmonization of international standards, which survey the readiness of enterprises for Industry 4.0.
APEC Strengthens Trust with Data Protection System
Data protection in the Asia-Pacific region has just received a significant boost with the appointment of the Infocomm Media Development Authority (IMDA) by Singapore as its accountability agent. Singapore joined the APEC Cross-Border Privacy Rules (CBPR) system in March last year and has become the third economy after the United States and Japan to operationalize the system.
Adopted in 2011 and endorsed by the 21 APEC Leaders, the CBPR system allows participating businesses and other organizations to develop their own internal rules and policies consistent with the specific CBPR program requirements upon which the certification is based in order to secure cross-border data privacy.
As accountability agents, IMDA will ensure the privacy policies and practices of participating organizations comply with the APEC CBPR and Privacy Recognition for Processors (PRP) through independent third party assessments before certifying them.
“The appointment of the IMDA by Singapore as the new accountability agent of the CBPR system shows the deep commitment from members to pursue a better data protection mechanism that does not hinder innovation and development,” said Shannon Coe, Chair of the APEC Electronic Commerce Steering Group.
Data protection is an urgent issue for businesses in the region, which is home to 45 per cent of the world’s internet users—about 1.99 billion people. People and businesses are connected globally, with more and more data flowing across borders.
“Trust is key to the growth and development of the digital economy,” added Coe. ”A strong data protection system is beneficial for both businesses and consumers and furthers participation in the digital economy.”
The approval of the IMDA as an accountability agent in Singapore was reached by the Joint Oversight Panel of the APEC Electronic Commerce Steering Group, which administers the APEC CBPR system. IMDA will join other accountability agents such as Schellman & Company, TrustArc in the United States and the Japan Institute for Promotion of Digital Economy and Community (JIPDEC) in Japan.
“In APEC, we are working to include more people to participate in the economy through digital trade and related processes. We can achieve this by ensuring that we have the right system in place to protect consumers’ data. This builds not only trust, but confidence for both consumers and the businesses,” said APEC Secretariat Executive Director, Dr Rebecca Sta Maria.
There are currently eight participating APEC economies in the CBPR system, including Australia, Canada, the Republic of Korea, Japan, Mexico, Singapore, Chinese Taipei and the United States.
GDPR shows results, but work needs to continue
Just over one year after the entry into application of the General Data Protection Regulation, the European Commission has published today a report looking at the impact of the EU data protection rules, and how implementation can be improved further. The report concludes that most Member States have set up the necessary legal framework, and that the new system strengthening the enforcement of the data protection rules is falling into place. Businesses are developing a compliance culture, while citizens are becoming more aware of their rights. At the same time, convergence towards high data protection standards is progressing at international level.
Frans Timmermans, First Vice-President of the European Commission, said: “The European Union strives to stay at the forefront of the protection of personal rights in the digital transformation while seizing the many opportunities it offers for jobs and innovation. Data is becoming an invaluable element for a booming digital economy and is playing an increasingly vital role in developing innovative systems and machine learning. It is essential for us to shape the global field for the development of the technological revolution and for its proper use in full respect of individual rights.”
Věra Jourová, Commissioner for Justice, Consumers and Gender Equality added: “The General Data Protection Regulation is bearing fruit. It equips Europeans with strong tools to address the challenges of digitalisation and puts them in control of their personal data. It gives businesses opportunities to make the most of the digital revolution, while ensuring people’s trust in it. Beyond Europe, it opens up possibilities for digital diplomacy to promote data flows based on high standards between countries that share EU values. But work needs to continue for the new data protection regime to become fully operational and effective.”
The GDPR has made EU citizens increasingly aware of data protection rules and of their rights, as indicated by a Eurobarometer survey published in May 2019. However, only 20% of Europeans know which public authority is responsible for protecting their data. This is why the European Commission has launched this summer a new campaign to encourage Europeans to read privacy statements and to optimise their privacy settings.
While the new data protection rules have achieved many of their objectives, the Commission’s communication also sets out concrete steps to further strengthen these rules and their application:
One continent, one law: Today, all but three Member States – Greece, Portugal and Slovenia – have updated their national data protection laws in line with EU rules. The Commission will continue to monitor Member State laws to ensure that when they specify the GDPR in national laws, it remains in line with the Regulation and that their national laws are not a gold-plating exercise. If needed, the Commission will not hesitate to use the tools at its disposal, including infringements, to make sure Member States correctly transpose and apply the rules.
Businesses are adapting their practices: Compliance with the Regulation has helped companies increase the security of their data and develop privacy as a competitive advantage. The Commission will support the GDPR toolbox for businesses to facilitate compliance, such as standard contractual clauses, codes of conduct and new certification mechanism. In addition, the Commission will continue supporting SMEs in applying the rules.
Stronger role of data protection authorities: The Regulation has given national data protection authorities more powers to enforce the rules. During the first year, national data protection authorities have made use of these new powers effectively when necessary. Data protection authorities are also cooperating more closely within the European Data Protection Board. By the end of June 2019, the cooperation mechanism had managed 516 cross-border cases. The Board should step up its leadership and continue building an EU-wide data protection culture. The Commission also encourages national data protection authorities to pool their efforts for instance by conducting joint investigations. The European Commission will continue to fund national data protection authorities in their efforts to reach out to stakeholders.
EU rules as reference for stronger data protection standards across the globe: As more and more countries across the world equip themselves with modern data protection rules, they use the EU data protection standard as a reference point. This upwards convergence is opening up new opportunities for safe data flows between the EU and third countries. The Commission will further intensify its dialogues on adequacy, including in the area of law enforcement. In particular, it aims at concluding the ongoing negotiations with the Republic of Korea in the coming months. Beyond adequacy, the Commission aims to explore the possibility to build multilateral frameworks to exchange data with trust.
In line with the General Data Protection Regulation, the Commission will report on its implementation in 2020 to assess the progress made after two years of application including on the review of the 11 adequacy decisions adopted under the 1995 Directive.
The General Data Protection Regulation is a single set of rules with a common EU approach to the protection of personal data, directly applicable in the member States. It reinforces trust by putting individuals back in control of their personal data and at the same time guarantees the free flow of personal data between EU Member States. The protection of personal data is a fundamental right in the European Union.
The GDPR has been applicable since 25 May 2018. Since then, nearly all Member States have adapted their national laws in the light of GDPR. The national Data Protection Authorities are in charge of enforcing the new rules and are better coordinating their actions through new cooperation mechanisms and the European Data Protection Board. They are issuing guidelines on key aspects of the GDPR to support the implementation of the new rules.
Abrogation of Article 370 and Indian Plan for Plebiscite in Jammu & Kashmir
Since 2014 India is being ruled by a Hindu ultra-nationalist party of Bhartiya Jannta Party (BJP) and extremist Narendra Modi...
Addressing Economic Challenges in Africa Through Deep Investments
The African continent comprises a diverse collection of countries, each with its own set of challenges. The governance of individual...
The Threat to Life from Ocean Microplastics
Authors: Meena Miriam Yust and Arshad Khan When Chelsea Rochman at the University of Toronto and colleagues began their study on medakas...
5 tips to make the most out of your workout routine
Whether you’re hitting the gym to get healthy, tone up or improve your overall well-being, there’s no denying that seeing...
Trips that transform: How airline miles can transform a child’s life
Maksim was just a few months shy of 2 years old when his parents rushed him to the emergency room...
Scaling up support for sustainable development: Mongolia on the rise
Mongolia’s economic rebound in recent years reveals a country rising up to the challenges borne from adverse economic shocks. The...
Hacking of the Newswires connected with Trading: A refresher for the business community
This case I am touching on is regarding Leonid Momotok in which he and other traders used insider trading information...
Russia3 days ago
Battle for the Arctic: Friends and foes
Southeast Asia3 days ago
South-East Asia youth survey: Skills prized over salary
Middle East23 hours ago
“Today Saudi Arabia finally lost the war on Yemen.”
Americas2 days ago
U.S.-North Korea Nuclear War: Assessing Plausible Risks
Defense2 days ago
Kashmir: A Nuclear Flash Point
East Asia2 days ago
Deeper meanings of the Hong Kong protests: Is China a gamechanger or yet another winner?
Middle East2 days ago
Business and boxing: two sides of the same coin
South Asia1 day ago
The Likely Outcome of Narendra Modi’s Unconstitutional Seizure of Kashmir