Abstract

Breaches of security, a.k.a. security and data breaches, are on the rise, one of the reasons being the well-known lack of incentives to secure services and their underlying technologies, such as cloud computing. In this article, I question whether the patchwork of six EU instruments addressing breaches (Framework Directive, e-Privacy Directive, eIDAS Regulation, PSD2, GDPR, NIS Directive) is helping to prevent or mitigate breaches as intended. At a lower level of abstraction, the question concerns appraising the success of each instrument separately. At a higher level of abstraction, since all laws converge on the objective of network and information security – one of the three pillars of the EU cyber security policy – the question is whether the legal ‘patchwork’ is helping to ‘patch’ the underlying insecurity of network and information systems thus contributing to cyber security. To answer the research question, I look at the regulatory framework as a whole, from the perspective of network and information security and consequently I use the expression cyber security breaches. I appraise the regulatory patchwork by using the three goals of notification identified by the European Commission as a benchmark, enriched by policy documents, legal analysis, and academic literature on breaches legislation, and I elaborate my analysis by reasoning on the case of cloud computing. The analysis, which is frustrated by the lack of adequate data, shows that the regulatory framework on cyber security breaches may be failing to provide the necessary level of mutual learning on the functioning of security measures, awareness of both regulatory authorities and the public on how entities fare in protecting data (and the related network and information systems), and enforcing self-improvement of entities dealing with information and services. I conclude with some recommendations addressing the causes, rather than the symptoms, of network and information systems insecurity.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Patching the patchwork: appraising the EU regulatory framework on cyber security breaches
Maria Grazia Porcedda
Computer Law & Security Review: The International Journal of Technology Law and Practice | VOL. 34
Maria Grazia PorceddaMaria Grazia Porcedda
27 Jun 2018
The State of Information Security Law: A Focus on the Key Legal Trends
Thomas J Smedinghoff
EDPACS | VOL. 37
Thomas J SmedinghoffThomas J Smedinghoff
16 Jan 2008
About Our Authors
-
Information Systems Research | VOL. 24
--
01 Jun 2013
The Relevance and Applicability of Cybersecurity Laws with Regard to Data Storage on Board Satellites and on the Ground
Dimitra Stefoudi
Air and Space Law | VOL. 44
Dimitra StefoudiDimitra Stefoudi
01 Sep 2019
View more papers

More From: SSRN Electronic Journal

Paper Title
Journal
Date
Author
A Machine Learning Approach for Imputing ECG Missing Healthcare Data
Raja Vavekanand
SSRN Electronic Journal | VOL. -
Raja VavekanandRaja Vavekanand
01 Jan 2024
Towards Workers’ Environmental Rights: An Analysis of EU Labour and Environmental Law
Kalina Arabadjieva ... Paolo Tomassetti
SSRN Electronic Journal | VOL. -
Kalina Arabadjieva, et. al.Kalina Arabadjieva ... Paolo Tomassetti
01 Jan 2024
Do Migrants Displace Native-Born Workers on the Labour Market? The Impact of Workers' Origin
Valentine Fays ... Benoit Mahy
SSRN Electronic Journal | VOL. -
Valentine Fays, et. al.Valentine Fays ... Benoit Mahy
01 Jan 2024
Denmark: Roskilde Bank Restructuring, 2008
Bailey Decker
SSRN Electronic Journal | VOL. -
Bailey DeckerBailey Decker
01 Jan 2024
View more papers