- Two of the European Parliament’s committees have watered down proposed EC legislation regarding Europe’s telecoms markets.
The proposed changes have implications for telecoms regulators administering legislation and assuring compliance regarding resilience of public ecommunication networks and what telcos can and cannot do (e.g., data security breach, mobile number portability, etc.).
Some time back we informed our Twitter followers what happened on 2008-07-07, the day two of the European Parliament’s committees, namely:
- Industry, Research and Energy Committee (ITRE) and the
- Internal Market and Consumer Protection Committee (IMCO)
voted on the European Commission’s proposals to reform the EU Telecom rules. Check out the link here:
InfoSec EU regul.ENISA stays til 2012,data security breach regul.watered down by 2 committees-EU Parliament see http://regustand.cytrap.eu/?p=120Important here is that Industry Committee also approved a report by Pilar del Castillo (EPP-ED, ES), which proposes setting up a Body of European Regulators in Telecommunications (BERT), composed of the 27 national regulatory authorities, as an alternative to the European Electronic Communications Market Authority (EECMA) advocated by the Commission.
What it means for InfoSec
The compromise proposal put forward by the ITRE Committee, Catherine Trautmann and Pillar del Castillo Vera as well as the IMCO Committee, Malcolm Harbour for the draft framework directive was accepted. This brings in a few changes and 30 amendments. Several things are of interest to people in InfoSec
a) ENISA‘s mandate is being extended until 2012 – if this means that the agency will exist beyond or move in the meantime from Crete somewhere else is not known at this time. However, some members felt that a move might have to be considered as well to a more central location to improve accessibility of ENISA and its human capital to Member States and regulators.
b) The EC had proposed some stringent rules regarding data loss and data security breaches. These would have required telcos and internet service providers to meet stringent guidelines and to inform consumers in case privacy of data would have been breached. This proposed part of the legislation was watered down by the committee, something that is really unfortunate.
c) BERT was suggested as an alternative mechanism to EECMA. How such a body will be effective in its daily operations is, however, very questionable. Members of Parliament discussing the EC proposal failed to go into any detail how this would work out in practice (how will compliance be checked, enforced or best practices evolve to make BERT effective)
Tidbit
Even though the final view of the European Parliament will only be known once the Plenary has voted on the Commission proposal – 2008-09-03 is to be the day – the votes in ITRE and IMCO are important steps towards shaping the final legislative texts to be adopted by the European Parliament and the Council.