Review of the EU Regulatory Framework for Electronic Communication Networks and Services (ePrivacy Directive) |
Background |
In light of the comments received during the public consultation and the evaluations and analyses provided in the expert studies conducted on behalf of the Commission, the Commission services will prepare proposals to amend the current legislation in force in order to take account of market changes and technological developments that have already happened and those that are expected in the sector, as well as to take account of experience to date with the framework. The proposals are expected to include specific recommendations to improve security, including a proposal for data breach notification for ISPs and network providers and an obligation to take minimum security measures. |
Expected Timing |
Initially scheduled for early 2007, the proposals are now expected to be published in October 2007. Following final adoption, legislation is expected to enter into force in 2010. |
Institutions Involved |
European Commission (initial proposal); European Parliament (co-decision); Council / Member States (co-decision)
|
Potential Impact |
- Introduction of data breach notification for ISPs and network providers
- Obligation for ISPs and Network Providers to take minimum security measures
|
Further Information |
http://europa.eu.int/information_society/policy/ecomm/tomorrow/roadmap/index_en.htm#communication1
|
European Programme for Critical Infrastructure Protection |
Background |
Pursuant to the Communication of the Commission on CIP in the fight against Terrorism, the Commission has proposed additional measures to strengthen existing instruments mainly by the establishment of a European programme for Critical Infrastructure Protection (EPCIP). The new proposals establish a procedure for the identification and designation of European Critical Infrastructures (ECI), and a common approach to the assessment of the needs to improve the protection of such infrastructure. Non-binding measures designed to facilitate the implementation of EPCIP include an EPCIP Action Plan, the Critical Infrastructure Warning Information Network (CIWIN), the use of CIP expert groups at EU level, CIP information sharing processes and the identification and analysis of interdependencies. Operators of identified CI will be obliged to establish an operator security plan and appoint a Security Liaison Officer. |
Expected Timing |
Initial proposal presented by the Commission in December 2006 (legislative). Member States to discuss proposals on 12/13 June 2007 (JLS Council) European Parliament non-binding opinion in the course of 2007 |
Institutions Involved |
European Commission (initial proposal); Council / Member States (decision maker); European Parliament (consulted - non binding) |
Potential Impact |
- Development of sector specific security plans (Commission will designate on a yearly basis which sectors are deemed of critical importance)
- Funding available for CIP related measures under Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks"
- Structured approach towards security in the context of CIP
|
Further Information |
http://ec.europa.eu/justice_home/fsj/terrorism/protection/fsj_terrorism_protection_infrastruct_en.htm
|
Commission Communication on fighting spam, spyware and malicious software |
Background |
In this Communication, the Communication takes stock of efforts so far and identifies further actions to be taken. It notes that 50-80% of e-mails are spam costing major European economies (Germany, UK and France) around 3,5 billion Euro. It recognizes that moderate investments to fight spam can deliver significant result, e.g. in the Netherlands a 570,000 Euro investment in equipment to fight spam resulted in an 85% reduction. In addition it touches upon the effects of phishing, spyware and malware. Going forward, the Communication makes a number of specific recommendations for proposed actions by Member States, Industry and the Commission (all non-binding). |
Expected Timing |
Initial proposal presented by the Commission in November 2006 (non-legislative). Member States to discuss proposal (timing tbc) European Parliament to draft opinion (timing tbc) |
Institutions Involved |
European Commission (initial proposal); Member States; European Parliament |
Potential Impact |
- Heightened awareness of threat posed by spam, spyware and malware
- Implementation of recommendations by European Commission which include amongst others: ISPs to apply a filtering policy which ensures compliance with the recommendation and guidance on e-mail filtering and Member States to involve market players at national level, drawing on their expertise and available information
N.B. The document refers to the legislative proposals that will be included to strengthen the rules in the area of privacy and security in the communications sector (the review of the regulatory framework for electronic communication networks and services) and the development of a policy on cybercrime as additional measures in this area. |
Further Information |
http://eur-lex.europa.eu/LexUriServ/site/en/com/2006/com2006_0688en01.pdf
|
Communication on the fight against Cyber Crime |
Background |
The communication on cyber crime sets out the future approach of the EU-wide combat against cyber crime. The policy aims to include improved operational law enforcement cooperation; better political cooperation and coordination between Member States; political and legal cooperation with third countries; awareness raining; training; research; a reinforced dialogue with industry and possible legislative action. |
Expected Timing |
Commission proposal adopted on 22 May (non-legislative) |
Institutions Involved |
Commission (initial proposal); Member States; European Parliament (consulted - non-binding) |
Potential Impact |
- Heightened political momentum to undertake European action in the area of cyber crime
- Heightened awareness of potential threats and counter-measures
|
Further Information |
http://eur-lex.europa.eu/LexUriServ/site/en/com/2007/com2007_0267en01.pdf
|
Communication on Privacy Enhancing Technology (PETs) |
Background |
The communication on privacy enhancing technologies intends to clarify this concept and is currently included in the data protection Directive, and promotes the development and use of privacy enhancing technologies. |
Expected Timing |
Commission proposal adopted in May 2007 |
Institutions Involved |
Commission (initial proposal); Member States; European Parliament |
Potential Impact |
- Increased awareness and promotion of privacy enhancing technologies
- Assessment of the need to develop standards
- Creation of a EU wide system of privacy seals
|
Further Information |
http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm http://ec.europa.eu/information_society/activities/privtech/index_en.htm |
7th Research Framework Programme |
Background |
The Seventh Framework Programme for research and technological development (FP7) is the European Union's chief instrument for funding research over the period 2007 to 2013 with a budget of 50 billion Euro. The broad objectives of FP7 have been grouped into four categories: Cooperation, Ideas, People and Capacities. For each type of objective, there is a specific programme corresponding to the main areas of EU research policy. Security is an important theme of FP7. |
Expected Timing |
First call of proposals published in December 2006 (deadline for submission May 07), further calls expected throughout the year. |
Institutions Involved |
Commission (co-ordination of evaluation by independent experts, management of programme, development of workprogramme) |
Potential Impact |
- Increased focus on security research at EU level
- Funding opportunities for security research projects
|
Further Information |
http://cordis.europa.eu/fp7/home_en.html
|
Communication on a strategy for effective, secure and privacy-preserving implementation of Radio Frequency Identification Technology |
Background |
This communication proposes a general framework for the deployment of RFID in the Community taking into account the growing pervasiveness of the technology in business, governmental and private application areas, the need to anticipate and organise the integration of RFID in future open environments, the desirability and feasibility of European and global spectrum harmonisation, and the importance of achieving global interoperability for the wide adoption of RFID. Special emphasis is laid on the potential privacy, security and integrity issues implicated by the use of RFID technology to identify and track individuals. |
Expected Timing |
Commission communication adopted on 15 March |
Institutions Involved |
Commission (initial proposal); Member States; European Parliament |
Potential Impact |
- Commission approach to RFID with special attention to privacy, security and integrity issues
|
Further Information |
http://ec.europa.eu/information_society/policy/rfid/index_en.htm
|
Green Paper on detection technologies for law enforcement, customs and other security authorities |
Background |
On 1 September 2006 the Commission adopted a Green Paper on detection technologies in the work of law enforcement, customs and other security authorities (COM (2006) 474). The Hague Programme: strengthening freedom, security and justice in the European Union, adopted by the European Council in November 2004, and the Communication on "Prevention, preparedness and response to terrorist attacks" of October 2004 highlight Public-Private Security Dialogue as a tool for private and public sectors to engage in a meaningful dialogue on Europe's security needs. The Commission called on all interested persons to send in their replies and any other useful contributions in order to determine whether addition EU initiatives need to be undertaken in this area. In relation to ICT, the green paper referred specifically to data and text mining tools and technologies. |
Expected Timing |
Consultation period closed on 10 Jan 07, analysis of responses expected to be published later this year. Meetings of task force or other public private body implementing the results may take place in the first half of 2007 |
Institutions Involved |
European Commission |
Potential Impact |
- Depending on the feedback received, the Commission might decide to undertake additional initiatives in this area
|
Further Information |
http://eur-lex.europa.eu/LexUriServ/site/en/com/2006/com2006_0474en01.pdf
|
Community Framework for safe and efficient health services |
Background |
The objective is to establish a Community framework for safe, high-quality and efficient health services in order to:
- Ensure the patient safety wherever healthcare is provided throughout the Community
- Address uncertainties over application of Community law to health services that create obstacles to cross-border healthcare
- Improve the efficiency and effectiveness of health services throughout the EU
- In preparation for this consultation, the Commission launched a public consultation on this topic.
|
Expected Timing |
Public consultation ended on 31 Jan. Commission proposal expected in June 2007 |
Institutions Involved |
European Commission (initial proposal); Member States; European Parliament |
Potential Impact |
- Creation of a EU framework for health services which would include sharing of patient info and data
|
Further Information |
http://ec.europa.eu/health/ph_overview/co_operation/mobility/community_framework_en.htm
|
Communication on Working together to improve security: Public Private partnership in the field of European security |
Background |
The Communication will present a general programme for public-private cooperation in the security field, including questions regarding security research, fight against terrorism and crime, improved border controls and management of visa requests, and protection of personal data. |
Expected Timing |
Commission proposal expected in June 2007 |
Institutions Involved |
European Commission (initial proposal); Member States |
Potential Impact |
- Possibilities for co-operation in the area of cyber security with the public sector
|
Further Information |
http://ec.europa.eu/justice_home/fsj/intro/fsj_intro_en.htm
|
Communication on Defence Industries and Markets and Directive on defence procurement |
Background |
Defence industries have so far been kept out of the implementation of the internal market. Member States have maintained national control over defence equipment markets and related industries. Markets are therefore fragmented, leading to a corresponding fragmentation of research efforts and industrial bases. Only an intervention at EU level could build a market in this sector and thus pave the way for increased competitiveness, scale effects and more focused research efforts. |
Expected Timing |
Commission proposal expected Oct 2007 |
Institutions Involved |
European Commission (initial proposal); Member States |
Potential Impact |
- Opening up of European Defence markets and procurement
|
Further Information |
http://ec.europa.eu/enterprise/defence/index_en.htm
|