The article is open access, and therefore available to download.
Abstract: The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive’s addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU’s General Data Protection Regulation.
Vagelis Papakonstantinou has been appointed a member of the law-making committee drafting the GDPR (and the Police and Criminal Justice Data Protection Directive) implementation law in Greece. The law-making committee, established under the Greek Ministry of Justice, has been in session since 2016 but has not been able to produce a final legislative act yet, although public consultation has already taken place on a previous draft. Under its current mandate the committee needs to conclude all relevant works until end of February 2019.
Vagelis Papakonstantinou is co-editor of a new book, on “Privacy and Data Protection Seals“, published by TMC Asser Press. The book presents timely and needed contributions on privacy and data protection seals as seen from general, legal, policy, economic, technological, and societal perspectives. It covers data protection certification in the EU (i.e., the possibilities, actors and building blocks); the Schleswig-Holstein Data Protection Seal; the French Privacy Seal Scheme; privacy seals in the USA, Europe, Japan, Canada, India and Australia; controversies, challenges and lessons for privacy seals; the potential for privacy seals in emerging technologies; and an economic analysis. This book is particularly relevant in the EU context, given the General Data Protection Regulation (GDPR) impetus to data protection certification mechanisms and the dedication of specific provisions to certification. Its coverage of practices in jurisdictions outside the EU also makes it relevant globally.
This book will appeal to European legislators and policy-makers, privacy and data protection practitioners, certification bodies, international organisations, and academics. Rowena Rodrigues is a Senior Research Analyst with Trilateral Research Ltd. in London and Vagelis Papakonstantinou is a Senior Researcher at the Vrije Universiteit Brussel in Brussels.
Vagelis Papakonstantinou new paper with Paul de Hert, Gianclaudio Malgieri, Laurent Beslay and Ignacio Sanchez on “The Right to Data Portability in the GDPR: Towards user-centric Interoperability of Digital Services” to be published in the Computer Law & Security Review, has been pre-published online. Our paper is open access, thanks to a generous grant by EU Commission’s Joint Research Centre.