European court opinion strengthens role of national data supervisors in Facebook case
The Belgian National Security Council has proposed a new law which includes a series of additional security measures regarding the rollout of 5G mobile networks. The capability of 5G is immense and will affect every area of the economy, and every government has a duty to ensure that any deployed 5G technology is safe to use as a communication medium by its citizens and the government. At an online roundtable debate organized today (17December), by EU Reporter, interested experts and commentators debated the issue.
Yvan Desmedt, a lawyer specialising in competition and telecom law, told the debate “What we see in the regulatory proposals refer to what would qualify as what is referred to as a high-risk vendor, but you actually see that the criteria which are being proposed are extremely vague, leave a huge margin of discretion to the to the government, and that is, I think, a real concern to us.
“Because that margin of discretion, it first of all leads to unpredictability and absence of legal certainty.
“It also means that your ability to subsequently put the governmental decision to judicial scrutiny is something which is going to be very difficult.
“So, the concept of national security concern is a little bit like a journey that is being played now. And which may also be used forin a broader fashion in the context of, you know, tensions and trade relationships and others to advocate also or to push behind that argument of national security.”
Mike Parr, of PWR Ltd, specialising in Network Research, asked the question: “Apologies for being controversial, but it is the fact that the security services wants to intercept mobile traffic. I’d be interested to hear the definition of security. Now, what do we mean by it? Is it to protect somebody from looking at or to protect somebody that’s using it to either send the recipe to somebody else?
“I don’t know, I’ve not seen a definition. I’d be interested to hear why.”
Professor Georges Ataya, Academic Director of Solvay Business School and partner in Ataya & Partners, spoke of the implications to information security.
He said: “I think we have to look at what is our objective from what we talk about in relation to security. Security ensures that we guarantee confidentiality, integrity, availability, non-repudiation, etc.
“What is important for us is the national security. There are specific objectives on how to protect national security, which means no backdoors, no eavesdropping, etc.
“Now, there are the business objectives, or nationwide security objectives that I just mentioned, no backdoor, eavesdropping etc. and we can specify those we can list and inventory those and for each one of those we can try to get a positive assurance.
“And this is the way we act, we the security professionals, which means that we identify what is the risk, what is within the architecture that we have, whether it is business related architecture, application architecture, technology, architecture, whatever, what is in that landscape, what would be the potential risks and for each one of those risks, identify what are the affirmative actions that we have to do to validate verify How much of that risk could exist?
Or if it exists, how much it is serious? How much the impact can be great. And based on that kind of assessment, we can identify, say yes there is an issue or no, there is not an issue”
Yvan Desmedt responded by saying: “George, if I may just pick up on this for one minute, because I think what you’re saying is exactly the problem that we face with the proposal that is put on the table for the Belgian measure, which is kind of putting it upside down. So, it is targeting what is referred to us as a higher risk vendor.
“But without doing that, what should be done is really kind of this bottom-up approach is to start with the risks and then identify the measures which you should be taking, and the risks require a complete, you know, understanding of how the networks are going to work, and where the potential cyber security risks lie within the network. And that is not what is on the table now for the 5G restrictions in Belgium.”
Shannon Brandao, an American attorney in European & international business law, said: “I’ve been following the struggles across the jurisdictions, I’ve been following them in the US and Canada, in the UK, and in various member states, as well as at the EU level.
“The US, for its part fears that Huawei equipment, or at least the government of China, in Beijing could use Huawei equipment to gather intelligence to steal trade secrets, to track down and punish dissidents, and to even go so far as to bring down entire networks to incapacitate other nations in times of crisis.”
Raquel Jorge Ricart, a Fulbright Fellow specialising in Public Policy, Strategy and the Governance of Technology, said: “One of the main problems with this is that when you look at the European Union you realise that if you want to define, for example, a country of origin, one of the main challenges, and one of the main needs for all EU member states is the fact that all of them implement the same standards.
“And one of the main problems in the case of Belgium is the fact that each country has been defined to the same criteria of what risk means and what security risk means, but especially the fact that no country is harmonising its own standards with those of its peers within the European Union. And in my perspective, they should be sure they lead to a stronger centralization of policies at the EU level if the European Union wants to do this properly.”