« It is essential that the European Data Certification Scheme does not endanger the high standards of data protection we have established in Europe. »
After Cigref’s alert on digital sovereignty in the face of extraterritorial laws, and in anticipation of an extended Foreign Intelligence Surveillance Act (FISA) – which would allow the United States to access European Data – it is now the turn of the European Data Protection Board (EDPB) to call on the European Union Cybersecurity Agency (ENISA) to address the risks involved.
One crucial question remains : will the EUCS currently being established be compliant with the RGPD ?
Cigref’s concerns over digital sovereignty
In April this year, Cigref members, representing the largest French companies and administrations that use digital solutions, expressed their concerns about the potential implications of the European Data Certification Scheme (EUCS) for Europe’s digital sovereignty. They are particularly concerned about the impact of extraterritorial laws, such as FISA, which could compromise the security and confidentiality of European citizens’ data.
The European Data Protection Board (EDPB) calls for more clarity
The European Data Protection Board (EDPB) has now voiced its concerns by directly addressing ENISA. The EDPB stresses the importance of ensuring that any certification scheme for cloud services is strictly aligned with the requirements of the RGPD, in order to protect the fundamental rights of individuals with regard to personal data.
The Open Internet Project (OIP) joins the initiative
The Open Internet Project (OIP), an organisation dedicated to the defense of an open and faire Internet, fully supports this initiative. OIP shares concerts expressed by Cigref and the EDPB regarding the protection of European citizens’ data. The organisation calls for increased vigilance to ensure that the new certifications do not weaken existing data protection standards within the European Union.
As previously offered to Cigref, the Open Internet Project is proposing that EDPB members work together with OIP to structure an end-to-end secure digital offering that meets the highest security requirements guaranteed for the most sensitive data. The aim is to ensure that a robust and reliable industrial response can meet the expectations of businesses, administrations and citizens .
Contacts:
Léonidas Kalogeropoulos, Managing Director : +33607315126 – l.k@openinternetproject.eu
Lucie Lebret, Project Manager : +33757503010 – lucie.lebret@mediation-arguments.com