Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity: the consumer perspective

Published byΔιονύσιος Μπότσαρης Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity: the consumer perspective"— Presentation transcript:

1 Cybersecurity: the consumer perspective
Monique Goyens, Director-General European Economic and Social Committee, Public Hearing on Cybersecurity Brussels, 9 January 2018

2 Consumers and Internet of Things
There are more and more connected devices in the world (conservative estimates: 31 billion by 2020 and 75 billion by 2025) ‘New world for consumers’ Benefits and challenges for consumers

3 Cybersecurity and Internet of Things
As the IoT ecosystem grows, the exposure of connected products to an eventual cybersecurity breach also increases. In 2016 were more than ransomware attacks per day (increase of 300% if compared with 2015) 86% of consumers believe that the risk of becoming a victim of a cybercrime is increasing (1) (1) European Commission, Special Eurobarometer 464a, Europeans’ attitudes towards cyber security, September 2017

4 Example: smartwatches

5 Example: smartwatches

6 Example: smartwatches

7 Fragmentation of enforcement policies in the EU
In December 2016, the Norwegian Consumer Council carried out an investigation on ‘my friend Cayla’ Serious security flaws discovered In January 2018, only two Member States (Germany and France) took action to prohibit Cayla from being sold on their territory. Bullet point number 1: In December 2016, our Norwegian member Forbrukerrådet (Norwegian Consumer Council) looked at the technical features of three popular connected toys sold in the EU market. One of them was ‘My Friend Cayla’ Bullet point number 3: With simple steps, anyone can take control of the toys through a mobile phone. This makes it possible to talk and listen through the toy without having physical access to the toy. This is very disturbing since these products are likely to be kept in children’s room on most occasions. Bullet point number 4: Despite the serious security vulnerabilities revealed by NCC, only two Member States took action to prevent the circulation of Cayla in the European market. Even if the product is sold in all Member States, there was not an EU enforcement reaction to prevent this product from being sold on the EU market. Furthermore, in the only country where the product was prohibited, the ban was based on national law and not EU law. Germany: Cayla was banned in February 2017 following a decision by the German Regulator (Bundesnetzagentur). While we welcomed this decision (BEUC issued a press statement), it is not based on EU law. They used the German Telecommunications Act, which has a specific clause regarding hidden spying (§ 90). France: In December 2017, French Data Protection Authority (CNIL) issued a formal notice to the manufacturer of ‘My Friend Cayla’ for violation of the right to privacy because of a lack of security. The manufacturer has now two months to comply with the French Data Protection Act or otherwise face sanctions.

8 Lack of will from manufacturers
December 2016 November 2017 Recent campaigns from our members have proven that, even when confronted with evident security vulnerabilities in their products, manufacturers remain reluctant to act and improve the security functionalities of their products. Almost one year after the #ToyFail campaign from the Norwegian Consumer Council, UK consumer organisation Which? reassessed the security features of some of the toys tested by Forbrukerrådet (in particular i-Que Robot) only to find that the security flaws identified in December 2016 had not been corrected yet.

9 EU legal framework not fit to address cybersecurity concerns
In key consumer product legislation (e.g. General Product Safety Directive and Radio Equipment Directive), the ‘safety’ concept is completely outdated. Manufacturers are obliged to only make safe products available on the market But ‘safety’ does not cover the safety risks that are generated because of the lack of security connected products.

10 Securing consumer trust in the internet of things

11 Securing consumer trust in the internet of things
Security and safety: “4.1. The concept of ‘safety’ in general and sector sepcific product safety legislation should be broadened to reflect new cybersecurity, data security and product safety concerns”. “4.6 Companies should adopt best practices standards such as security by design and by default, and be subject to independent assessments of compliance. (...)”

12 Security by design and by default
Security by design: all connected products and services should better incorporate state of the art cybersecurity functionalities at an early stage of their design process and before putting the products on the market Security by default: the settings of a connected device and service are secure as a basic setting

13 Thank you for your attention mgo@beuc.eu

Download ppt "Cybersecurity: the consumer perspective"

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Building trust, consumer protection & TTIP Johannes Kleis IMCO/INTA joint public hearing European Parliament, Brussels 24 February 2015.

Building trust, consumer protection & TTIP Johannes Kleis IMCO/INTA joint public hearing European Parliament, Brussels 24 February 2015.
International Employment – latest Digital Employment issues Melanie Lane and Karine Audouze.

International Employment – latest Digital Employment issues Melanie Lane and Karine Audouze.
Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel:+230 201 36 04 Helpdesk:+230.

Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel: Helpdesk:+230.
EU regulatory framework for electronic communications - Introduction Richard Harris Independent EU telecommunications consultant ICTtrain workshop London.

EU regulatory framework for electronic communications - Introduction Richard Harris Independent EU telecommunications consultant ICTtrain workshop London.
What about a future European Safety Act ? June 8, 2012 Noëlle Lenoir.

What about a future European Safety Act ? June 8, 2012 Noëlle Lenoir.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Canadian Gaming Summit April,29- May,1st Montréal, Québec Gaming in Europe, Thibault Verbiest, Attorney at law, partner at ULYS www.ulys.net www.gaminglaw.eu.

Canadian Gaming Summit April,29- May,1st Montréal, Québec Gaming in Europe, Thibault Verbiest, Attorney at law, partner at ULYS
Drones use in the civil market View of the French DPA

Drones use in the civil market View of the French DPA
Health and safety at work

Health and safety at work
Energy investments in the EU and Russia

Energy investments in the EU and Russia
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.

IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.
What the government does A2 Economics and Business Unit 4B By Mrs Hilton for revisionstation.

What the government does A2 Economics and Business Unit 4B By Mrs Hilton for revisionstation.
IFCLA June 6 th, 2008 Paris State monopoly and online gambling update Thibault Verbiest, Attorney at law, partner at ULYS www.ulys.net www.gaminglaw.eu.

IFCLA June 6 th, 2008 Paris State monopoly and online gambling update Thibault Verbiest, Attorney at law, partner at ULYS
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
1111111111111111111111111111 THE STATUS OF SECONDMENT  Poland is a country whose workers are mainly sent to other countries of the European Union or European.

THE STATUS OF SECONDMENT  Poland is a country whose workers are mainly sent to other countries of the European Union or European.
DG Enterprise and Industry Philippe JEAN Sustainable Mobility & Automotive Industry Unit WP.29 Enforcement Working Group meeting 27 June 2013 2013 update.

DG Enterprise and Industry Philippe JEAN Sustainable Mobility & Automotive Industry Unit WP.29 Enforcement Working Group meeting 27 June update.
TACKLING REGULATORY CREEP Some observations from food regulation Michael Hunt Food & Drink Federation.

TACKLING REGULATORY CREEP Some observations from food regulation Michael Hunt Food & Drink Federation.

Similar presentations

Ads by Google