Cybersecurity: the consumer perspective


Cybersecurity: the consumer perspective
Monique Goyens, Director-General
Twitter: @moniquegoyens
European Economic and Social Committee, Public Hearing on Cybersecurity
Brussels, 9 January 2018

Consumers and Internet of Things
There are more and more connected devices in the world (conservative estimates: 31 billion by 2020 and 75 billion by 2025).
‘New world for consumers’
Benefits and challenges for consumers

Cybersecurity and Internet of Things
As the IoT ecosystem grows, the exposure of connected products to an eventual cybersecurity breach also increases.
In 2016 there were more than 4,000 ransomware attacks per day (an increase of 300% compared with 2015).
86% of consumers believe that the risk of becoming a victim of a cybercrime is increasing (1).
(1) European Commission, Special Eurobarometer 464a, Europeans’ attitudes towards cyber security, September 2017

Example: smartwatches

Fragmentation of enforcement policies in the EU
In December 2016, the Norwegian Consumer Council carried out an investigation on ‘My Friend Cayla’.
Serious security flaws discovered.
In January 2018, only two Member States (Germany and France) took action to prohibit Cayla from being sold on their territory.

Bullet point number 1: In December 2016, our Norwegian member Forbrukerrådet (Norwegian Consumer Council) looked at the technical features of three popular connected toys sold in the EU market. One of them was ‘My Friend Cayla’.

Bullet point number 3: With simple steps, anyone can take control of the toys through a mobile phone. This makes it possible to talk and listen through the toy without having physical access to the toy. This is very disturbing since these products are likely to be kept in children’s rooms on most occasions.

Bullet point number 4: Despite the serious security vulnerabilities revealed by NCC, only two Member States took action to prevent the circulation of Cayla in the European market. Even though the product is sold in all Member States, there was no EU enforcement reaction to prevent this product from being sold on the EU market. Furthermore, in the only country where the product was prohibited, the ban was based on national law and not EU law.

Germany: Cayla was banned in February 2017 following a decision by the German Regulator (Bundesnetzagentur). While we welcomed this decision (BEUC issued a press statement), it is not based on EU law. They used the German Telecommunications Act, which has a specific clause regarding hidden spying (§ 90).

France: In December 2017, the French Data Protection Authority (CNIL) issued a formal notice to the manufacturer of ‘My Friend Cayla’ for violation of the right to privacy because of a lack of security. The manufacturer now has two months to comply with the French Data Protection Act or otherwise face sanctions.

Lack of will from manufacturers
December 2016 / November 2017
Recent campaigns from our members have proven that, even when confronted with evident security vulnerabilities in their products, manufacturers remain reluctant to act and improve the security functionalities of their products. Almost one year after the #ToyFail campaign from the Norwegian Consumer Council, UK consumer organisation Which? reassessed the security features of some of the toys tested by Forbrukerrådet (in particular i-Que Robot) only to find that the security flaws identified in December 2016 had not been corrected yet.

EU legal framework not fit to address cybersecurity concerns
In key consumer product legislation (e.g. General Product Safety Directive and Radio Equipment Directive), the ‘safety’ concept is completely outdated.
Manufacturers are obliged to only make safe products available on the market.
But ‘safety’ does not cover the safety risks that are generated because of the lack of security of connected products.

Securing consumer trust in the internet of things http://www.beuc.eu/publications/beuc-x-2017-137_securing_consumer_trust_in_the_internet_of_things.pdf

Securing consumer trust in the internet of things
Security and safety:
“4.1. The concept of ‘safety’ in general and sector specific product safety legislation should be broadened to reflect new cybersecurity, data security and product safety concerns”.
“4.6 Companies should adopt best practices standards such as security by design and by default, and be subject to independent assessments of compliance. (...)”

Security by design and by default
Security by design: all connected products and services should better incorporate state of the art cybersecurity functionalities at an early stage of their design process and before putting the products on the market.
Security by default: the settings of a connected device and service are secure as a basic setting.

Thank you for your attention mgo@beuc.eu www.beuc.eu – consumers@beuc.eu