The EU’s implementation of cross-border enforcement to enhance data security and deter cybercrime : an apt response or is further enforcement needed?

Abstract

This dissertation examines the legal regimes regulating both cybersecurity as well as the protection of personal data, focusing mainly on the legal advancements within the protection of critical sectors and the present data protection regime; both of which have been updated to reflect a more modern ideology on cybercrime and its borderless nature. In this respect, the dissertation will focus on the technical and legislative measures imposed on entities within the scope of such legislation and the cooperation and information exchange mechanisms in place to achieve the goals set up both in an efficient and secure manner. With regards to the protection of network and information security, it has been identified that priority is given to technical measures, trans-border cooperation and information exchange. The principles of minimum harmonisation throughout the Union have also been recognised. Regarding this however, the nature of the Police Directive (as opposed to that of a Regulation), might give rise to certain disparities due to (at times) overly-broad approach and lee-way given to Member States in its implementation. In light of this, careful attention must be given on a case-by-case basis to the balance of the entities’ legitimate interests on the one hand, and the fundamental rights of the data subject which should not be prejudiced. On the other hand, it has been noted that the above issue is seemingly not present within the General Data Protection Regulation, possibly due to the legal-nature of a Regulation under EU Law. With this in mind, it has also been discerned that the recent data protection edifice has been adhered-to through the various compliance-requirements as well as the rights granted to data subjects within the Regulation.