Cybersecurity & Surveillance

"Cybersecurity has moved from the sole technical field to become a key legal issue"

In the current context of Big Data, Cloud Computing, Internet of Things (IoT) and more generally the upward interconnection of IT systems, cybersecurity has moved from the sole technical field to become a key legal issue, not only to ensure the effectiveness of the fundamental rights to privacy and to protection of personal data but also to improve the functioning of the internal market by creating trust and confidence.

In this context, European Union law imposes risk-based security measures and incident reporting obligations to guarantee the confidentiality, integrity and availability of information.

Additionally, rules provide for a European certification framework for ICT processes, products and services to materialise the security-by-design principle.

Given the increased risks of cyber-attacks and data breaches, cybersecurity is of course linked with the fight against cybercrime. In matters of substantive criminal law, European and national law incriminate cyber-offences such as computer-related forgery and fraud, external and internal hacking, sabotage, as well as the use and distribution of any malware, virus, or trojan.

Furthermore, to allow police and judicial authorities to have effective means for investigations, procedural criminal law provide for enquiry tools such as the search and seizure of computer data, the collection of traffic data and the interception of content data.

The aim of the research at the CRIDS is to strike the right “balance” between the fundamental rights of citizens, the legitimate interest of companies and public bodies to be secured against cyber threats and the efficiency of law enforcement authorities in ensuring their missions. In a digital democracy, cybersecurity and the fight against cybercrime are means to ensure the protection of fundamental rights such as the right to privacy: legality and proportionality are the main safeguards against a state of surveillance.

 

Related publications from the CRIDS members:

E. DELHAISE, C. FIEVET, « Frontières intelligentes et nouvelles incriminations pénales : l'Union européenne face à la problématique des Foreign terrorist fighters », J.T., pp. 113-120, 2017.

F. DUMORTIER, « Cybersécurité, vie privée, imputabilité, journalisation et log files », D.C.C.R., 2019, n°122-123, pp 201-230.

F. DUMORTIER, « La sécurité des traitements de données, les analyses d'impact et les violations de données », Le Règlement général sur la protection des données (RGPD / GDPR) : analyse approfondie, Collection du CRIDS, n°44, Bruxelles, Larcier, 2018, pp. 143-253.

C. FORGET, F. DUMORTIER, « Criminalité informatique », R.D.T.I., 2017, n°68-69, pp. 199-218.

C. FIEVET, « Accès des collaborateurs de l’Office des étrangers à la Banque de données Nationale Générale (BNG)», R.D.T.I., 2016, n°63-64, pp. 5-22.

C. FORGET, « La protection des données dans le secteur de la "police" et de la "justice" », Le Règlement général sur la protection des données (RGPD / GDPR) : analyse approfondie, Collection du CRIDS, n°44, Bruxelles, Larcier, 2018, pp. 865-900.

C. FORGET, « L’avis de la C.J.U.E. sur l'accord PNR Union européenne-Canada : une occasion ratée de réaffirmer le principe de finalité ?», J.D.E., 2018, pp. 87-89.

A. MICHEL, « Révision de la « loi caméras » : précisions ou ambiguïtés pour l’installation et l’utilisation de caméras de surveillance ? », J.T., 2019, pp. 149-160.

 

CRIDS Documentary Database