Maria Grazia Porcedda

Trinity College Dublin this week hosted a launch event for Cybersecurity, Privacy and Data Protection in EU Law — A Law, Policy and Technology Analysis by Dr Maria Grazia Porcedda, assistant professor in Trinity School of Law.

The book, published by Bloomsbury’s Hart Publishing, provides an analysis of the legal, policy and technological perspectives to capture the essence of the relationship between cyber security, privacy and data protection in EU law.

Speaking on the launch, Dr Porcedda said: “We must reconsider the interplay between technology development, standardisation and legislation against the background of geopolitical competition over technology and cybersovereignty.”

An expert in information technology law, she says that it may be possible to achieve cybersecurity while safeguarding the fundamental rights to privacy and data protection, but this will only be achieved as a result of a brave rethinking of our ways to regulate technology.

She said: “Current digital legal frameworks in the EU are premised on the notion that technology development, standardisation and legislation are seamlessly intertwined, but they are in fact disjointed.

“In this way, technology is simply effaced from the law and it becomes harder to build law’s expectations into practical tools. Furthermore, the same regulatory schema are being replicated across all areas of EU digital policymaking without adequate consideration of the impact of these legal frameworks.”

Dr Porcedda explained: “For historical reasons, laws addressing cyberspace and digital technologies do not explicitly name the technologies in question. The implementation of these laws is left to mechanisms that are more informal and voluntary, which cannot, on their own, meet the law’s goals of reconciling business or state interests with a high level of protection of rights.

“Higher courts, such as the Court of Justice of the European Union, as a result cannot redress this shortcoming because they must interpret laws as they are ­and they cannot engage with technology if the technology has been effaced from the law.

“Consequently, the relationship between cybersecurity, privacy and data protection ends up being decided on a case-by-case basis, depending on the technologies used in practice. This prevents a unified approach that can deliver high levels of protection of cybersecurity, privacy and data protection and decide on the level of reconciliation we want.

“To get the best of both worlds, we need for the law to engage with its technological implementation, and this is an inherently political process.

“Addressing this question is crucial for European democratic societies, where information technologies have taken centre stage in all areas of communal life.”