The implementation of GDPR was a marked move forward both for data privacy and data protection and for Europe in tackling a global problem. GDPR came into play in May 2018 and many companies have achieved compliance whilst others have already been issued massive fines for data privacy violations.
Other countries are taking a lead from the EU’s GDPR
In the US, there is no wide-reaching, all-encompassing federal data protection regulation like GDPR. There are federal laws, which are often sector-specific and focus on certain types of data, according to ICLG’s US Data Protection 2019 report.
The US Federal Trade Commission (FTC) can use the Federal Trade Commission Act to issue some enforcement actions to “protect consumers against unfair or deceptive practices and to enforce federal privacy and data protection regulations.”
State legislation in the US is slightly different. State laws vary in breadth from one state to another, and many states are developing new regulations. Massachusetts has had stronger data protection regulation for some time. California is viewed as a “privacy-forward” state, as per ICLG, and the California Consumer Privacy Act (CCPA) will be implemented as of January 1, 2020. Legislation from New York is currently being considered by legislators.
The EU could begin to dominate the cybersecurity landscape globally
Jody Westby, CEO of consulting firm Global Cyber Risk, writing for Forbes this week, says the EU may be “about to seize the global lead on cybersecurity,” and that the EU’s actions over the past six years may have positioned it to become the “global leader.” According to Westby, the EU has established cybersecurity requirements for Operators of Essential Services (OES) companies and digital service providers (DSPs). It has implemented a certification framework for digital products, services and processes. With the implementation of the recent EU Cybersecurity Act, the European Network and Information Security Agency (ENISA) expanded its role and became a permanent government agency. Westby writes:
“When the EU decides to pursue a topic, it allocates money to match its intentions.”
The EU Cybersecurity Act channels funds to ENISA’s budget and the organisation is also funded generally by the EU, member states, and grants. Cybersecurity is a “high priority” for the government of the EU, the European Commission. It has allocated $2 billion from its 2021-2027 budget to “safeguarding the EU’s digital economy.”
This funding will finance “state-of-the-art” cybersecurity equipment and infrastructure. Additional funding is planned from Horizon Europe, the EU’s €100 billion seven-year science and innovation program.
Westby says the EU, as well as being focused on security, hopes to strengthen the European economy and points to the first line of the EU Cybersecurity Act:
“Network and information systems and electronic communications networks and services play a vital role in society and have become the backbone of economic growth.”
The act also suggests the EU should develop closer cooperation with “universities and research entities” which will “contribute to reducing dependence on cybersecurity products and services from outside the Union and to reinforce supply chains inside the Union.”
Supporting Europe’s cybersecurity industry
It’s not just GDPR, the EU Cybersecurity Act, and the development of ENISA that may contribute to Europe’s lead in the fight against cybercrime. In its State of the Union, the EU announced the creation of a Network of Cybersecurity Competence Centers (Network) to increase the competitiveness of the EU’s cybersecurity industry. This Network is set to be managed by an equally new European Cybersecurity Industrial, Technology, and Research Competence Center. The new center will support and drive cybersecurity development as well as financing and providing technical assistance to infant cybersecurity companies.
In addition to these new initiatives, Westby describes the EU’s longer-standing commitment to data privacy, which began with the Data Protection Act and has now culminated in GDPR. She also notes the vast number of directives, policies, and frameworks to come from EU bodies to support its goals and member states. She writes:
“A legal framework, reliable publications and materials that can guide all stakeholders, and the draw of aligning with 30 countries is a powerful pull for countries trying to adapt their laws and regulations to a digital world.”
She adds that other countries are striving to emulate the EU, both to keep up and to be compliant in order to work with EU countries. Westby suggests the US may have lost its lead on cybersecurity and US businesses may “end up having to follow EU cybersecurity regulations.”
Europol, the European Union’s law enforcer, is also focused on cybersecurity and has recently published its 2019 cybercrime report. As well as using tools to fight cybercrime, it recommends a holistic look at cybersecurity. This could include strategy, prevention, education, security awareness and developing stronger natural cyber security skill sets for all technology users. The latter can start in the workplace. Cybersecurity is no longer just the realm of the IT department; it’s the responsibility of every employee from CEO to trainee, and it’s also the responsibility of governments and law enforcers.