Organized by Insafe, the pan-European network of Safe Internet Centres (SICs), Safer Internet Day (SID) means to promote a safer and more accessible online environment for European citizens, especially children and young people. The annual occasion, which is marked by press conferences, in-school events and launch of a host of educational resources, captures Europe’s increasingly fervent preoccupation with questions of cybersecurity throughout the member states.
The theme of this year’s SID encourages all EU citizens to “play their part for a better internet,” reflecting the manner in which all individuals, including children, parents, educators, industry leaders and decision-makers have stakes in the development of a secure digital culture. Indeed, the most recent data published by Eurostat indicates that although varying in severity, concern regarding cybersecurity is widespread throughout the Union.
Sizable fractions of internet users in the European Union refrained from engaging in online activities including ordering or buying goods or services for private use, carrying out banking activities such as account management and using the internet with mobile device via wireless connection outside home in 2015 (19 percent, 18 percent and 13 percent, respectively.) Fear for the safety of one’s online data varies considerably by member state. Notably, 35 percent of all Romanian internet users opted not to engage in e-commerce last year (with Sweden and Portugal following closely behind at 34 and 30 percent, respectively.)
Figures outlining member states’ abstinence from carrying out banking activities such as account management and using the internet with mobile device via wireless connection outside home are similarly telling. 27 percent of all German internet users refrained from partaking in e-banking, followed by Portuguese and Italian users at 26 and 24 percent, respectively. 22 percent of internet users in the Netherlands neglected to connect to WiFi outside of their own homes, followed by Latvia and Spain at 21 and 20 percent respectively.
European citizens’ concern for security of their digital information is not without reason. Indeed, according to a press release from the European Commission, one in four internet users in the EU experienced a security-related issue in 2015. Though security issues were relatively manageable in the Netherlands and Czech Republic, affecting only 11 and 10 percent of users respectively, nearly half of Croatian users (a jarring 42 percent) encountered security-related trouble. These issues consisted largely of viruses affecting devices, abuse of personal information, financial losses and children accessing inappropriate websites, according to the Commission.
This widespread distrust in EU policy regulating cybersecurity has consequences not just for European citizens’ day-to-day internet usage. Europe’s Digital Single Market, which Commission president Jean-Claude Juncker has prioritized throughout his term, suffers under the weight created by failing online networks and services.
In order to vitalize the Digital Single Market as well as protect the rights of European citizens, EU decision-makers have recently kept cybersecurity at the top of their agendas. A couple notable agreements made in December of 2015, for instance, punctuate the EU’s ongoing effort to regulate the protection of European privacy both at home and overseas.
Moving forward from the Network and Information Services Directive (NIS), which was the main legislative proposal under the 2013 EU Cybersecurity Strategy, Parliament and the Luxembourg Presidency of the EU Council of Ministers agreed on a number of rules that will govern information systems in Europe going forward. Under the NIS Directive, “Member States will be required to adopt a national NIS strategy defining the strategic objectives and appropriate policy and regulatory measures in relation to cybersecurity,” according to a press release from the Commission. “Member States will also be required to designate a national competent authority for the implementation and enforcement of the Directive, as well as Computer Security Incident Response Teams (CSIRTs) responsible for handling incidents and risks.”
As of now, this agreement has yet to be formally approved by the European Parliament and the Council. When it is approved, it will be published in the EU Official Journal and will thus be enacted. Member states will then have 21 months to implement this Directive into their national laws.
European Parliament and the Council also reached consensus regarding EU Data Protection reform in December of 2015. The Reform consists of two major pillars: the General Data Protection Regulation, which aims to enable people to better control their personal data, and the Data Protection Directive, which serves to help the police and criminal justice sector to “ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action,” according to a press release from the Commission. Over the next two years, the Commission will work continuously to oversee uniform application of these regulations across all member states.
The EU’s focus on cybersecurity has not been solely pan-European, though. Just last week, the Safe Harbor decision, which was concerned with transnational data flow between the EU and the United States and was overturned in 2015, spurred the establishment of the EU-US Privacy Shield. EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová, said the Shield will serve in part to mend relations between the European and American companies, which was compromised following whistleblower Edward Snowden’s spotlight on American surveillance of Europe in 2013.
“We will have to work hard on restoring the trust also among the European citizens,” said Jourová.
Indeed, trust in the EU’s ability to provide policy that will adequately protect European citizens’ online privacy and foster the Digital Single Market has become a key factor in cybersecurity discourse of late. Moving into 2016, it is clear the EU institutions will strive to enhance the public’s confidence in European cybersecurity policies in order to protect people’s data and help the pan-European market flourish in the process.