An overhaul of our approach to making technology law is required to achieve cybersecurity while safeguarding the fundamental rights to privacy and data protection, according to the author of a new book.
”We must reconsider the interplay between technology development, standardisation and legislation against the background of geopolitical competition over technology and cybersovereignty,” says Maria Grazia Porcedda, Assistant Professor, School of Law at Trinity College Dublin and member of the ADAPT Centre, who is the author of a new book entitled ‘Cybersecurity, Privacy and Data Protection in EU Law – A Law, Policy and Technology Analysis’.
The book, published by Bloomsbury’s Hart Publishing, provides an analysis of the legal, policy and technological perspectives to capture the essence of the relationship between cyber security, privacy and data protection in EU law. The book was launched at an event in Trinity College Dublin yesterday evening.
Dr Porcedda, who is an expert in information technology law, says that it may be possible to achieve cybersecurity while safeguarding the fundamental rights to privacy and data protection, but this will only be achieved as a result of a brave rethinking of our ways to regulate technology.
“Current digital legal frameworks in the EU are premised on the notion that technology development, standardisation and legislation are seamlessly intertwined, but they are in fact disjointed. In this way, technology is simply effaced from the law and it becomes harder to build law’s expectations into practical tools. Furthermore, the same regulatory schema are being replicated across all areas of EU digital policymaking without adequate consideration of the impact of these legal frameworks,” she adds.
“For historical reasons, laws addressing cyberspace and digital technologies do not explicitly name the technologies in question. The implementation of these laws is left to mechanisms that are more informal and voluntary, which cannot, on their own, meet the law’s goals of reconciling business or state interests with a high level of protection of rights. Higher courts, such as the Court of Justice of the European Union, as a result cannot redress this shortcoming because they must interpret laws as they are and they cannot engage with technology if the technology has been effaced from the law.”
“Consequently, the relationship between cybersecurity, privacy and data protection ends up being decided on a case-by-case basis, depending on the technologies used in practice. This prevents a unified approach that can deliver high levels of protection of cybersecurity, privacy and data protection and decide on the level of reconciliation we want. To get the best of both worlds, we need for the law to engage with its technological implementation, and this is an inherently political process.”
“Addressing this question is crucial for European democratic societies, where information technologies have taken centre stage in all areas of communal life,” she concluded.