Digital Single Market - Building Trust across Europe (1)
As the European Commission’s plans for the development of a Digital Single Market (DSM) begin to gather pace, concerns are growing around how the scheme will impact current privacy and cyber security readiness and best practices.
The potential benefits of DSM are huge. Currently, only 15 percent of online shoppers in the EU buy something in another country while only 7 percent of small and medium-sized businesses sell across national borders. As the internet economy becomes more prominent it makes sense to enable cross-border commerce in an environment that provides same guarantees and conditions, including cybersecurity and privacy, across the EU. Aiming to “tear down regulatory walls and finally move from 28 national markets to a single one” - the initiative has certainly noble intentions.
The plans for DSM centre on three key pillars:
- Providing seamless access to digital services throughout the region
- Setting the conditions of this access
- The promotion of economic growth, based on potential of sharing and using data
Unsurprisingly, when it comes to the data-driven economy, security and privacy are crucial. These concerns are consistent across all of the member states, but current status and practices can vary. This is why it is as a matter of urgency that common EU rules and regulations for data protection and cyber security are established.
As the DSM is still in its development, conversations around protection requirements for different categories of cross-border digital services have to remain at a high level of abstraction.
That said, the consensus is beginning to lean towards placing the onus for data protection on market operators; asking member states to agree to a minimum level of security or privacy controls and obligatory notifications of breaches. While these control sets are already adopted and implemented by market operators present in a number of countries, they are often disparate and conflicting which can lead to serious challenges in interoperability.
Coco Cloud project
The standardisation of Service Level Agreements (SLAs), that also address security and privacy metrics, could be an important part of the cyber security perspective of the DSM. There is also work to be done in developing a form of SLA automation that would enable continuous monitoring of DSM related regulation compliance. Using machine-readable language for data sharing part of SLAs, for example, consumers could even be sure that data usage and protection rules are being rigorously enforced, as it was demonstrated in European Coco Cloud project. This also means that should a provider agree to delete third party data (once the service contract is finished) then the action is taken automatically by enforcing data usage rules attached to that data.
Ultimately, a DSM should go some way in reducing the risk of cyber security threats across EU. By setting in place minimum privacy and cybersecurity requirements, it also increases a level of trust between member states.
In my next blog, I’ll be looking at the five steps organisations must take to prepare themselves in a Digital Single Market…