Cybersecurity, privacy and data protection in EU law : a law, policy and technology analysis

Abstract

Is it possible to achieve cybersecurity while safeguarding the fundamental rights to privacy and data protection? Addressing this question is crucial for European democratic societies, where information technologies have taken centre stage in all areas of communal life. This timely book answers the question with a comprehensive approach that combines legal, policy and technological perspectives to capture the essence of the relationship between cybersecurity, privacy and data protection in EU law. The book identifies tensions inherent in the EU cybersecurity policy and its implementation, the reach of cyberspace and its security, the meaning of 'data', as well as the value of privacy and data protection. The book's novel analysis looks at the interplay between the design of the technology implementing the applicable law, such as the GDPR and the NIS Directive, and the layered configuration of fundamental rights in EU law. This original analysis outlines the possible combinations of the relationship between cybersecurity, privacy and data protection in EU law, from outright clash to complementarity. An essential read for scholars and practitioners of IT law alike, the book demonstrates that reconciliation between cybersecurity, privacy and data protection relies on explicit and brave political choices, which require deciding what needs to be protected, and how.