Chapter 5 - Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- By Thomas Marquenie, University of Leuven in 2015 and specialised in Criminal, International and European Law., Katherine Quezada, MAGNETO project within CiTiP.
- Edited by Anton Vedder, Jessica Schroers, Charlotte Ducuing, Peggy Valcke
- Book: Security and Law
- Published by: Intersentia
- Published online: 23 January 2020
- Print publication: 01 October 2019, pp 97-128
Summary
INTRODUCTION
Information and communication technologies are cornerstones of modern society. Automated computer processes and the continuous collection, analysis and creation of data are staples of each current industry, service and sector. As data analytics are now vital in both the public and private sphere, securing confidential and valuable information remains a key goal of computer science. To this end, the concept of information security revolves around the identification and implementation of concrete safeguards based on the three fundamental tenets of Confidentiality, Integrity and Availability. While these principles are generally accepted in the field of computer science, they do not constitute universal or legally binding conditions. The current EU legal framework on cybersecurity does not impose general or specific obligations on developers of information technologies for private or public actors. Still, as the undue disclosure or processing of confidential information can have serious consequences, the EU legislator recently finalized its data protection reforms to further safeguard personal data. In addition to the General Data Protection Regulation (GDPR), the reforms also consist of a Law Enforcement Directive (DPLE) for the purpose of regulating the collection, processing and storage of personal information in the context of policing.
As innovative technologies are rapidly adopted by law enforcement agencies to detect, investigate and prevent crime, the negative impact of security breaches can significantly affect the safety and integrity of citizens and police practices. It is in light of these developments that this chapter seeks to assess whether compliance with the recent European legislation on data protection may support the realization of fundamental principles of information security in a law enforcement context. To this end, it provides an outline of the principles of information security followed by an overview of the current legal framework on cybersecurity and data protection in the EU. The differences and similarities between information security and data protection are examined in order to determine to what extent law enforcement technology and practice could rely on the applicable data protection legislation to ensure sufficiently high standards of information security. Finally, to illustrate how the concrete implementation of security requirements in data protection might actually support the accomplishment of high standards of information security in practice, the chapter concludes with a brief assessment of security protocols applied in two law enforcement systems developed in the framework of European research projects.