Data protection and the prevention of cybercrime : a dual role for security policy in the EU?
Florence : European University Institute, 2012, EUI LLM theses, Department of Law
PORCEDDA, Maria Grazia, Data protection and the prevention of cybercrime : a dual role for security policy in the EU?, Florence : European University Institute, 2012, EUI LLM theses, Department of Law - https://hdl.handle.net/1814/26594
Retrieved from Cadmus, EUI Research Repository
Cybercrime and cyber-security are attracting increasing attention, both for the relevance of Critical Information Infrastructure to the national economy, and the interplay of the policies tackling them with ‘ICT sensitive’ liberties, such as privacy and data protection. As such, the subject falls in the ‘security vs. privacy’ debate. The objective of this study is twofold. On the one hand, it is descriptive: it aims to cast light on the (legal substantive) nature of, and relationship between, cybercrime and cyber security, which are currently ‘terms of hype’. On the other, it explores the possibility of reconciling data protection and privacy with the prevention of cybercrime and the pursuit of a cyber-security policy, and therefore wishes to explore causation. The latter is a subset of the wider question of whether it is possible to build ‘human rights by design’, i.e. a security policy that reconciles both security and human rights. I argue that narrow or online crimes and broad or off-line crimes are profoundly different in terms of underlying logics while facing the same procedural challenges, and that only narrow cybercrime pertains to cyber-security, understood as a policy. Yet, the current policy debate is focussing too much on broad cybercrimes, thus biasing the debate over the best means to tackle ICT-based crimes and challenging the liberties involved. I then claim that the implementation of data protection principles in a cyber-security policy can act as a proxy to reduce cyber threats, and in particular (narrow) cybercrime, provided that the following caveats are respected: i) we privilege a technical computer security notion; ii) we update the data protection legislation (in particular the understanding of personal data); and iii) we adopt a core-periphery approach to human rights. The study focuses on the EU. Due to time constraints, the interaction between privacy and data protection and other liberties involved, as well as purely procedural issues are outside of the scope of this research.
Supervisor: Prof. Giovanni Sartor, EUI; Award date: 13 February 2012; PDF of thesis uploaded from the Library digital archive of EUI PhD theses
Cadmus permanent link: https://hdl.handle.net/1814/26594
Series/Number: EUI LLM theses; Department of Law
LC Subject Heading: Data protection -- European Union countries; Computer crimes -- Prevention
Published version: http://hdl.handle.net/1814/23296