Cybersecurity and Civil Liberties: A Task for the European Union

Dangers in the Internet require global regulation on a permanent basis. At the same time, any restriction of free cyberspace – which is a global public good – may present a danger to basic rights and therefore to democracy. 

Dr. Annegret Bendiek points out that as a matter of principle, security must not come before democracy. How and by what means “critical infrastructures” (energy, transport, health) should be protected, and how private information should be treated, are questions that in future should be decided in the European Parliament and national parliaments. With regard to data protection and legal recourse against the use of data, not only EU states but also the United States and other liberal countries should embrace the idea of supranational legal norms.

The current EU cybersecurity strategy aims to promote cooperation between member states and on security technologies over the years ahead. Bendiek stresses, however, that an EU strategy should impose stricter obligations on exporters of information and communication technology. The European Parliament and national parliaments should be more comprehensively informed and involved to a greater degree in export decisions.

How free can the Internet be and what security precautions should be put in place against crime and terrorism? Self-regulation is one possible instrument. But so far parliamentary oversight and legally binding cyber policy arrangements have not been implemented at international or European level. Bendiek believes that a comprehensive EU strategy for cyberspace should facilitate global regulation as well, which would include the EU, the United States and also authoritarian countries.

Various countries are increasingly censoring, monitoring and controlling the Internet, assisted in some cases by technology provided by European and North American companies. Authoritarian regimes including Syria, Libya, Bahrain and Iran are now using these technologies. Yet this turn of events is neither in the strategic interests of Europe nor compatible with the goals of a common foreign and security policy. Existing controls implemented in the EU Code of Conduct and dual-use approval process remain insufficient. Harmonization of national arms export policies across all EU countries is necessary and should therefore extend to technology systems, so as to afford better protection to the basic rights of Internet users.