Abstract
EU information technology law is built like a multi-storey house: on the ground floor is technology development and on the top floor are regulatory principles and rights; in the middle floor lie standards, which should connect the top with the ground floor. The house is built on the premise that these floors are seamlessly connected, but are they? The multi-storey house was in fact built without staircases, causing a practical disconnect between regulatory principles and technology development. This keynote speech, which draws from the 2023 book ‘Cybersecurity, Privacy and Data Protection in EU law’, will explore why information technology is effaced from EU law in practice, and the implications for cybersecurity, data protection, data markets, identity management, privacy and many other fields. This keynote speech will explore what collaborative approaches may be needed to redesign the EU regulatory architecture.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The New Legislative Framework, originally called ‘New Approach’, is a framework introduced to enable product harmonization in support for the free circulation of goods, and thus instrumental for the development of the Single Market, by providing for common health and safety requirements, mechanisms for market surveillance and conformity assessment. The most recent package was introduced in 2008: https://single-market-economy.ec.europa.eu/single-market/goods/new-legislative-framework_en. For a discussion of the New Approach/NLF and the effacement of technology from EU law, see [1], 148–50, 152 and 154. See also Paul Craig and Gráinne de Búrca, EU Law. Text, Cases and Materials. Oxford, Oxford University Press (2020, seventh edition), chapter 7.
- 2.
Let us take as an example the (negative formulation of the) essence of the right to the protection of personal data discussed in Sect. 1. Neither the law nor courts specify what are the security safeguards that should be included in the legal instrument to ensure the integrity and confidentiality of personal data. The practical determination is pegged to the state of the art and standardization, and is therefore it is driven by the market. This mechanism is discussed in-depth in [1], 193, 258–59, 262–69.
References
Porcedda, M.G.: Cybersecurity, Privacy and Data Protection in EU Law. A Law, Policy and Technology Analysis. Hart Publishing, Oxford (2023)
Charter of Fundamental Rights of the European Union [2012] OJ C 326/391 (CFR)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1
Consolidated versions of the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU), OJ C 83/01 (Lisbon Treaty)
Digital Rights Ireland and Seitlinger and Others, Joined cases C-293/12 and C-594/12, EU:C:2014:238
Opinion 1/15 of 26 July 2017 pursuant to Article 218(11) TFEU EU:C:2017:592
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act or CSA) [2019] OJ L 151/15
Council Implementing Regulation (EU) (2020)
Wuyts, K.: LINDDUN: a Privacy Threat Analysis Framework
Danezis, G., et al.: Privacy and data protection by design – from policy to engineering (ENISA) (2014)
Hoepman, J-H.: Privacy by Design Strategies (The Little Blue Book) (2022)
Lessig, L: Code: And Other Laws of Cyberspace. Version 2.0. Basic Books, New York (2006)
Reidenberg, J.R.: Lex informatica: the formulation of information policy rules through technology. Tex. Law Rev. 76, 553 (1998)
Gellert, R.: The Risk-Based Approach to Data Protection. Oxford University Press, Oxford (2020)
Stichting Rookpreventie Jeugd and others, C-160/20, EU:C:2022:101
Shackelford, S.J., Russell, S., Haut, J.: Bottoms up: a comparison of voluntary cybersecurity frameworks. UC Davis Bus. Law J. 16, 217–260 (2020)
Peng, S.Y.: ‘Private’ Cybersecurity Standards? Cyberspace Governance, Multistakeholderism and the (ir)relevance of the TBT Regime’ Cornell Int. Law J. 15 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Porcedda, M.G. (2024). The Effacement of Information Technology from EU Law: The Need for Collaborative Approaches to Redesign the EU’s Regulatory Architecture. In: Bieker, F., de Conca, S., Gruschka, N., Jensen, M., Schiering, I. (eds) Privacy and Identity Management. Sharing in a Digital World. Privacy and Identity 2023. IFIP Advances in Information and Communication Technology, vol 695. Springer, Cham. https://doi.org/10.1007/978-3-031-57978-3_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-57978-3_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57977-6
Online ISBN: 978-3-031-57978-3
eBook Packages: Computer ScienceComputer Science (R0)
