Securing free and fair European elections Cybersecurity@CEPS Summit 2018 Marie-Helene Boulanger DG JUST EU Citizenship Rights and Free Movement
Special Eurobarometer 477 on Democracy and Elections Published on 26 November, and covering three main topics: -Voting and Elections in Europe -Elections, the Internet and Online Social Networks -Democratic Values and Principles in Europe
The majority of respondents were concerned about a range of potential electoral interferences
The majority is concerned about disinformation (73%), targeting (67%) and censorship online (55%)
Securing free and fair elections in Europe Package presented by the Commission on 12 September 2018: Communication on Securing Free and Fair Elections in Europe Guidance on the application of Union data protection law in the electoral context Recommendation on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns Targeted legislative amendment to tighten the rules on European political party funding
Communication on securing free and fair elections A crucial moment for the future of the European Union. European citizens should be able to vote with the security that they are not being misled. Ensuring the resilience of the Union's democratic systems is part of the Security Union. Attacks against electoral infrastructure and campaign information systems are hybrid threats that the Union needs to address.
Online communication has significantly reduced barriers for interaction with citizens, however: Exposure of the electoral process to malicious actors via disinformation campaigns, misuse of personal data, and cyber- attacks Politically motivated mass online disinformation campaigns, including by third countries, with the specific aim to discredit and delegitimise elections, have been recognised as growing threats to our democracies.
Online communications Cross-cutting issue. Conventional “off line” safeguards exist (silence periods, rules on funding, equality between candidates, transparency requirements etc.) Their application in the online environment should be reviewed.
Other measures already being taken - New European data protection framework applicable since May 2018 => General Data Protection Regulation Directly applicable across the European Union Provides the tools necessary to address unlawful use of personal data in the electoral context Data Protection guidance - Ongoing work to promote a more secure online environment by increasing our overall resilience to cyber threats, including online disinformation and behavioural manipulation. Communication, Code of Conduct and Action Plan on Disinformation adopted yesterday.
The Recommendation “on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns in the context of elections to the European Parliament” Election cooperation networks Transparency in political advertising Appropriate sanctions for infringements of rules on the protection of personal data Cybersecurity Awareness raising activities => Adressed to Member States’ authorities as well as EU and national political parties and linked entities (foundations, campaign organisations...).
National Networks Each Member State should set up a national election network, involving national authorities with competence for electoral matters and authorities in charge of monitoring and enforcing rules related to online activities relevant to the electoral context Electoral authorities, data protection and cyber security authorities, media regulators etc.
National Networks To support each national authority in its respective tasks, the national networks should facilitate the swift, secured exchange of information on issues capable of affecting the elections to the European Parliament jointly identify threats and gaps share findings and expertise liaise on the application and enforcement of relevant rules in the online environment.
European elections cooperation Network Facilitates the sharing of expertise and best practices among Member States including on threats, gaps and enforcement. Meetings scheduled as from January.
Transparency The Recommendation calls on Member States: - to encourage and facilitate the transparency of paid online political advertisements and communications. - Where such transparency is not ensured, to apply sanctions in the relevant electoral context.
Transparency It further calls on European and national political parties, foundations and campaign organisations: - to ensure that citizens of the Union can easily recognise online paid political advertisements and communications and the party, foundation or organisation behind them. - to make available on their websites information on their expenditure for online activities, including paid online political advertisements and communications, as well as information on any targeting criteria used in the dissemination of such advertisements and communications.
Appropriate sanctions for infringements of rules on the protection of personal data => Member States to apply appropriate sanctions on political parties and foundations at national and regional level for cases of data protection infringements being used to deliberately influencing or attempting to influence the elections to the European Parliament.
Cybersecurity - Member States to put in place the necessary procedures to prevent, detect, manage and respond to cyberattacks, aiming to minimise their impact, and guarantee a swift exchange of information at all relevant levels, from technical to operational and political. - European and national political parties, foundations and campaign organisations to implement specific and appropriate measures to prevent cyber incidents and protect themselves against cyberattacks.
Awareness raising Member States to engage with third parties in awereness raising activities aimed at increasing the transparency of elections and building trust in the electoral processes, such as media, online platforms and information technology providers.
Guidance on the application of EU data protection law - Support the application of the data protection obligations under EU law in the electoral context.
Annual Colloquium on Fundamental Rights 2018 : Democracy in the EU • Held over two days last week and attended by more than 400 participants from Member States, civil society, the media, academia, international organisations and the private sector • Discussions on: resilient and inclusive democracy, broad participation and representation, a secure electoral process, a free and strong civil society, an informed and pluralistic democratic debate, freedom of expression online and offline
Annual Colloquium on Fundamental Rights 2018 Clear agreement among participants that safeguarding democracy and the electoral process has to be a joint effort from all stakeholders. Neither the public nor the private sectors alone can provide solutions to existing challenges.
Thank you