Companies are skeptical about European Union plans to develop bloc-wide consumer labeling frameworks to show the cybersecurity and data protection safeguards that are built into internet-connected devices, privacy professionals told Bloomberg BNA Feb. 7.
The European Commission, the EU’s executive arm, is working on parallel schemes for labeling internet of things (IoT) devices, which include home lighting systems, refrigerators and other devices that carry sensors and collect personal data.
Though certifications could be useful to companies with privacy-conscious customers, a mandatory system could be viewed as onerous by those preferring a flexible approach to cybersecurity labeling.
Alex Whalen, senior policy manager at DIGITALEUROPE, which represents information technology and consumer electronics companies, told Bloomberg BNA Feb. 7 that the commission believed privacy labels, similar to energy efficiency labels, could be developed for products. But the complexity and fast-changing nature of digital sectors makes the comparison questionable, he said.
The companies that provide electrical goods come from “much more static industries,” Whalen said. But a label in the cybersecurity world is outdated as soon as it’s issued, creating a “high risk of misleading customers,” he said.
Peter Van Dyck, a senior associate with Allen & Overy LLP in Brussels, told Bloomberg BNA Feb. 7 that he wondered how cybersecurity labeling would work in practice. “Given the continuous technological innovations, one-size-fits-all cybersecurity labeling hardly seems realistic,” he said.
Some national cybersecurity certification schemes already exist in the EU, such as France’s voluntary First Level Security Certification scheme that certifies that information and communications technology (ICT) systems and products pass a series of baseline cybersecurity tests.
The commission floated the idea of “a trusted IoT label” in an April 2016 strategy paper on the EU digital single market. Such a label “could be developed for consumer products, providing transparency about different levels of privacy and security,” it said.
In a separate July 2016 cybersecurity strategy paper, the commission said it would “explore the creation of a European, commercially oriented, voluntary and lightweight labeling scheme for the security of ICT products.”
Commission Spokeswoman Nathalie Vandystadt told Bloomberg BNA Feb. 6 that a study would start “in the coming months” on the feasibility and impact of a European cybersecurity labeling scheme. She did not specify when firmer proposals to establish such a scheme might be published.
Along with that effort, the commission is encouraging IoT operators and service provides to develop and adopt a trusted label to give consumers “transparent information about different levels of privacy and security,” Vandystadt said.
Whalen said most digital technology companies were “highly skeptical of the whole process,” and that cybersecurity standards and certification should be voluntary, industry-led and developed on a global scale. National schemes like the one in France are “very specific to the member state marketplace,” he said.
Although labeling schemes could prove useful when “many companies are increasingly struggling with questions of customers on the security of their products and service,” Van Dyck said, companies would prefer voluntary standards so they could have an “additional tool” for convincing customers their products are secure without having to use cybersecurity labels on every product or service.
“Some companies may be reluctant to apply a cybersecurity label to very innovative technologies if they believe that the labeling criteria are not fit for purpose for their new technology, or are outdated,” he said.
To contact the reporter on this story: Stephen Gardner in Brussels at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)