Canvas White Paper 2 Cybersecurity and Law

This White Paper explores the legal dimensions of the European Union (EU)’s value-driven cybersecurity by investigating the notions of ‘value-driven’ and ‘cybersecurity’ from the perspective of EU law. It starts with a general overview of legal issues in current value-driven cybersecurity debates (Chapter 2), showing how values embedded within the framework of EU governing treaties have evolved during the integration process, and the important role they play in the cybersecurity regulation at EU level. Chapter 3 of the White Paper is devoted to the main critical challenges in this area: 1) the varied and sometimes unclear uses of the term ‘cybersecurity’, 2) the roles of stakeholders and the cooperation between them, and the 3) securitization of EU values and interests through cybersecurity rules. Chapter 4 points out and describes specific controversies concerning cybersecurity regulation in the EU. Ten disputed issues are given particular attention: 1) the functioning of human rights as drivers for EU regulation, 2) the regulation of risks to society through individual risk identification and proactive action, 3) the attribution of roles to different stakeholders, 4) how individuals are being awarded with more rights, 5) controllership of data, 6) copyright protection, 7) regulation of online content, 8) the use of encryption, 9) permissibility of massive and generalised surveillance of individuals and 10) counterterrorism measures. Chapter 5 summarises the main findings of the literature review. The White Paper recognises that legislative and policy measures within the cybersecurity domain challenge EU fundamental rights and principles, stemming from EU values. The White Paper concludes that with the constantly growing number of EU measures governing the cybersecurity domain, the embedment of EU values enshrined in the EU Charter within these measures take place both on an ex ante and an ex post basis

Canvas White Paper 3 Attitudes and Opinions Regarding Cybersecurity

As we rely more and more on information and communication technology, cybersecurity becomes both essential and problematic to our societies. On the one hand, cybersecurity is essential to pre-vent cyber threats from undermining citizens’ trust and confidence not only in the digital infrastruc-ture but in policy makers and state authorities as well. On the other hand, cybersecurity is problem-atic because enforcing it may endanger fundamental values like equality, fairness, autonomy, or pri-vacy. The CANVAS project aims to foster value-driven cybersecurity, with respect to European values and fundamental rights. Its first milestone is to consolidate existing knowledge and data related to cyber-security in four areas, namely the ethical, legal, empirical, and technological domains. This White Paper summarises currently available empirical data about attitudes and opinions of citizens and state actors regarding cybersecurity. It describes what these stakeholders generally think, what they feel, and what they do about cyber threats and security (counter)measures. For citizens’ perspectives, three social spheres of particular interest are exam-ined: 1) health, 2) business, 3) police and national security. This unique synthesis builds on a variety of sources with both quantitative and qualitative data. For citizens’ perspectives, our sources include reports from EU projects and Eurobarometer surveys, as well as additional scientific papers. As for state actors’ perspectives, they rely essentially on policy documents, as they are the most relevant data available

Cloud Computing: Legal Analysis

The report identifies critical issues of cloud computing with respect to the current European data protection legislation. The legal foundations of European privacy & data protection and their basic principles will be presented, focusing mainly on the requirements of the EU Data Protection Directive 95/46/EC. The provisions of accountability of data processors and controllers will be explained and the conditions under which lawful data processing can take place will be analysed. The additional challenges of cross-border data transfers in a cloud environment will be discussed. Finally, this report highlights possible resolutions and draws conclusions by forecasting future legal challenges of cloud computing

Cloud Computing: Solutions and Enablers

This report aims at identifying solutions and enablers to lawfully make use of cloud computing. To adequately protect personal data while using cloud computing, the risks need to be mitigated on three levels: politically, contractually, and technically. We describe measures and approaches on the three levels that aim at enabling cloud computing and enhancing privacy and security

Opportunities and Challenges of Dynamic Consent in Commercial Big Data Analytics

In the context of big data analytics, the possibilities and demands of online data services may change rapidly, and with it change scenarios related to the processing of personal data. Such changes may pose challenges with respect to legal requirements such as a transparency and consent, and therefore call for novel methods to address the legal and conceptual issues that arise in its course. We define the concept of ‘dynamic consent’ as a means to meet the challenge of acquiring consent in a commercial use case that faces change with respect to re-purposing the processing of personal data with the goal to implement new data services. We present a prototypical implementation that facilitates incremental consent forms based on dynamic consent. We report the results gained via two focus groups which we used to evaluate our design, and derive from our findings implications for future directions

The Operationalisation of Transparency in VALCRI

This White Paper presents some research and findings from the EU-funded R&D project VALCRI with regard to the requirement of transparency from legal, ethical, and data protection perspective. Thereby, it addresses difficulties of transparency operationalization and presents possible solution approaches, which are linked to recent R&D in the realm of data, process and reasoning provenance.The research leading to the results reported here has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) through Project VALCRI, European Commission Grant Agreement Number FP7-IP-608142, awarded to Middlesex University and partners.status: publishe

Cloud Computing – Data Protection Impact Assessment

We compare and evaluate existing frameworks for a Privacy Impact Assessment and propose based on this survey a novel methodology for a Data Protection Impact Assessment in the context of cloud computing and the TClouds project