Last week in Strasbourg the European Parliament approved its report, Towards a Digital Single Market Act, with cyber-security as well as the privacy issues surrounding big data and IoT flagged up as major concerns. The primary aim of the Digital Single Market strategy is achieving uniform online access to digital goods and services across all EU member states.
Securing Europe-wide agreement on the terms of the General Data Protection Regulation (GDPR) was praised as the Presidency's major achievement – alongside criticism of its handling of Europe's current migration crisis and terrorist attacks. But Luxemburg politicians continue to punch above their weight, with Jean-Claude Juncker, President of the European Commission, at the forefront of the unified digital market project.
The initial report was approved in the Parliament by 551 to 88, with 39 abstentions, supporting creation of an environment where digital networks and services can prosper by introducing rules intended to match the pace of technology and support infrastructure development.
President Juncker declared that it's time to tear down regulatory walls and move from 28 national sets of rules for doing business to a single market approach for 500 million people. It could contribute €415 billion per year to Europe's economy and create hundreds of thousands of new jobs.
This lofty aim does seem to contradict the bureaucracy's approach of tackling problems by implementing rather than tearing down regulation. However, the existing patchwork of rules does disadvantage SMEs in comparison to international concerns, as only seven percent of EU small- and medium-sized businesses currently sell cross-border.
Going forward the plans include legislative proposals to reform the current telecoms rules and the Audiovisual Media Services Directive, establishment of a cyber-security contractual public-private partnership and a review of the e-Privacy Directive.
Speakers in Parliament ranged from Junker declaring that the move would ensure that Europe maintains its position as a world leader in the digital economy, while others said it had already fallen behind both the US and Asia.
One of the moves on which there was general agreement was to stop geo-blocking of the sale and use of goods and services across borders. All services should be available across the EU on the same basis, at the same price and not on the basis of their IP address, postal address or the country of issue of credit cards. This was described as unjustified and a practice which “must stop”.
Subscription services for IP, such as online movie streaming, will need to change their model on copyright use – but also some vendors in the security space selling services online, which may have different pricing in different European countries to take account of differences in incomes, will have to change their models too.
MEPs want Europe to seize the opportunities opened up by new technologies, such as Big Data, cloud computing, the Internet of Things and 3D printing, and have an innovation-friendly policy towards online platforms, believing it will increase job opportunities.
And the 16 digital single market initiatives announced by the European Commission last May to boost the digital economy and innovation must be tabled without delay, MEPs insisted.
"We have ensured that this report on the digitisation of the EU economy, society and public administrations determines legislative and non-legislative action to benefit consumers and to preserve Europe's competitive social market economies”, said Internal Market Committee co-rapporteur Evelyne Gebhardt (Progressive Alliance of Socialists and Democrats, Germany).
"Europe has already missed two waves of innovation. First social networks, then the sharing economy. If we don't want to miss the next wave, we have to look to the Internet of Things, Big Data and machine-to-machine communication. They can radically transform our economy and our legislation needs to reflect that", said Estonian MEP and Industry Committee co-rapporteur Kaja Kallas (Alliance of Liberals and Democrats for Europe, Estonia).
Kallas added that the parliament “needs to give a clear signal that we support innovation. If laws are no longer fit for purpose, we need to let them go and reform them”.“Multinationals are able to comply with different sets of rules, but smaller companies are hit by them. On big data and IOT – if Europe doesn't have a unified approach, including cyber-security, the EU will miss out. By backing limited liability of intermediaries (ie they will not be held responsible for the content run over their networks) and the needed for freedom of expression, citizens are given better control over the use of their data. Users need a basic level of security including encryption and updates. But it is not our responsibility to tell people how to do this.”
Estonian MEP and Industry Committee co-rapporteur Kaja Kallas
SCMagazineUK.com spoke to Kallas after the session to ask specifically about the impact on cyber-security issues. We asked whether a uniform approach to digital markets and cyber-security across Europe would result in more digitally advanced countries like Estonia having to downgrade its requirements.
Kallas told SC: “We are still hoping that you won't have to reduce [standards] to converge in the middle ground, but it is rather a raising of standards of those which are lower. The European Commission should have more ambitious plans because this report and the discussions and debate showed that the European Parliament is willing to support higher standards in every aspect.”
SC asked how do you reconcile different views over the best technological approaches to adopt? Kallas replied, “Of course is not for legislators to say which technology is the best and the legislation should be technology neutral or it wouldn't stand the test of time. We try to aim to give the standards we want and not specific solutions.”
Regarding legislating minimum standards, Kallas said: “It can be a problem when you legislate a minimum standard on some issues, then we still have 28 different sets of rules as you just harmonise the minimum then beyond this everyone does what they want. For example, when we talk about drones and the rights applicable and how they should be regulated, if we agree minimum harmonisation, you still have them flying across the borders, and what happens then? It's all new rules, and consumer protection is the same [sort of issue]. If we [only] agree that everyone should have minimum standards, we can still have 28 sets of rules where member states are reluctant to give up their rights to regulate and control things. But I think if we look at the consumers or companies perspective, then everyone is asking, why don't we have one single set of rules? Then you go to the council level and everyone is protecting their own, so let's just go [and agree uniform rules].”
Kallas agreed then when it comes to the issues that concern security and surveillance, “member countries are not cooperating at all or sharing information”.
Kallas noted: “We have the problem that only seven percent of SMEs are selling online, cross border – it's a very small number. Why don't they do this? Because if you are a small company you see you have to comply with all the consumer rules – six month guarantee here and two years' guarantee there, so [they say] let's just leave it and just sell in their own state. For the big multinationals, it's easier for them as they have a number of lawyers handling all these things, but for small and medium sized companies which the European economy is based on, they can't deal with the different rules so they just don't sell.”
Kallas agreed that EU Data Protection Regulation, “ideally should also be harmonised in all member states,” adding, “Whether it should be stronger or not is another issue, but it's important that the rules should all be the same.”
Implementation was seen as a potential concern. “You can make the rules but if they are not properly implemented or are implemented in different ways it is still the same problem.”
Regarding cyber-security, Kallas was particularly interested in the recent presumed Russian attacks on Ukraine, noting, “It's been in the air for a long time that if the systems are weak they will be hacked. This was actually the first time it was done, when there was a blackout because of hacking, and this points to the concerns of being digital.”
She continued: “And maybe this directive is helping, saying member states have to share information about these attacks, because the problem is that everyone is embarrassed when something like this happens. They think it shows their weaknesses so they don't really disclose these things. But if others don't know they can't protect themselves. It's a two-sided thing – to be open, saying we have problems scares people but others have to know in order to improve their security systems.”
When asked if such a cyber-attack on infrastructure counts the same as a military attack, Kallas told SC: “There are some people who have said that it counts under Nato article 5, but I don't think that anybody at a high level has really taken this position because it's a very dangerous position to take. Because then you have to be sure that it is the state which is attacking, and Nato is all about countries and not companies. So you have to show the clear link between the hacker and the state.
“When we [Estonia] had the attacks, then there was discussion whether it came under Article 5, and everyone was quite cautious [in case there was escalation]. It's different if it's one thing [which is attacked], another if it's several – which could cause chaos.”
Digital Single Market Strategy
Last week's resolutions feed into the 16 key actions under three pillars which the Commission intends to deliver by the end of 2016 in its “Digital Single Market Strategy for Europe”. Parliament will co-legislate on equal footing with the EU Council of Ministers on the legislative proposals to boost the Digital Single Market which entail the following:
Pillar I: Better access for consumers and businesses to digital goods and services across Europe:
1. rules to make cross-border e-commerce easier. eg harmonised EU rules on contracts and consumer protection.
2. enforce consumer rules more rapidly and consistently, by reviewing the Regulation on Consumer Protection Cooperation.
3. more efficient and affordable parcel delivery.
4. end unjustified geo-blocking when online sellers either deny consumers access to a website based on their location, or re-route them to a local alternative with different prices.
5. identify potential competition concerns affecting European e-commerce markets. 6. modern, more European copyright law to reduce the differences between national copyright regimes.
7. review the Satellite and Cable Directive.
8. reduce the administrative burden businesses face from different VAT regimes.
Pillar II: Creating the right conditions and a level playing field for digital networks and innovative services to flourish
The Commission will:
9. present an ambitious overhaul of EU telecoms rules.
10. review the audiovisual media framework.
11. comprehensively analyse the role of online platforms (search engines, social media, app stores, etc.) in the market, plus how to best tackle illegal content on the Internet.
12. reinforce trust and security in digital services, notably concerning the handling of personal data. Building on the new EU data protection rules, the Commission will review the e-Privacy Directive.
13. propose a partnership with the industry on cyber-security in the area of technologies and solutions for online network security.
Pillar III: Maximising the growth potential of the digital economy
The Commission will:
14. propose a 'European free flow of data initiative' to promote the free movement of data in the European Union. The Commission will also launch a European Cloud initiative covering certification of cloud services, the switching of cloud service providers and a "research cloud".
15. define priorities for standards and interoperability in areas critical to the Digital Single Market.
16. support an inclusive digital society where citizens have the right skills to seize the opportunities of the Internet and boost their chances of getting a job. The roll-out of e-procurement and interoperable e-signatures will be accelerated.