Project

Towards a Uniform Approach in EU Cyber Security Law? Responsibilities of Online Market Places in the E-commerce Environment as a Case Study

After the transition to a more digitalised world, cybersecurity incidents have skyrocketed. In the absence of legal responsibilities, undertakings are unlikely to deploy effective cybersecurity measures. This problem is caused by the undertakings' unwillingness to consider the expenses borne by society and other undertakings in the event of a cybersecurity incident. In response to this problem, the EU legislative framework imposes various responsibilities, such as risk management and incident notification obligations, to ensure cybersecurity. However, whether this is achieved through appropriate legal norms has been the focus of debate among legal scholars.
In terms of the responsibilities of undertakings, legal scholars identified two major problem clusters. The first problem cluster concerns cybersecurity responsibilities (risk management and notification) and the overlapping legal framework for personal data security. The second problem cluster concerns the need for a more holistic approach to data (personal or non-personal) in cybersecurity law. Following a review of the legal scholarship literature, I concluded that there are certain gaps, including ambiguities, a lack of comprehensiveness, and missing perspectives, that should be filled within the legal literature discussion of the appropriateness of cybersecurity law. For example, the adequacy of the EU legislative cybersecurity framework based on personal data-non-personal data categorisation has not been debated comprehensively in the literature, despite the economic value of data as such. Furthermore, in the case of a conflict between cybersecurity rules and data protection law, how this conflict should be resolved has not been thoroughly examined. As a result, there is no systematic research to assess those legal rules to construct a more appropriate cybersecurity law.
This study seeks to address the gaps mentioned above by assessing current EU legislation based on the proposed evaluative and normative framework. This framework will be built on security, data protection, privacy, property, freedom to conduct business, accountability, and fairness. Furthermore, online marketplaces will be used as a case study in order to examine the existing EU legislative framework that applies to them (GDPR, NIS Directive, and Implementing Regulation (Regulation (EU) 2018/151)), because the use of online marketplaces in e-commerce and the data processed by online marketplaces continue to grow.
This study's research methodology will be based on doctrinal analysis when it comes to interpreting legal norms. However, in order to benefit from the interdisciplinary nature of cyber security, not only the sources in the legal area, but also the literature in the fields of information security and risk management will be examined in depth.

Date: 6 Feb 2021 → Today
Keywords: data integrity, cross border e-commerce, data protection, data security
Disciplines: Information law
Project type: PhD project