Cyber Security Industry Alliance Newsletter • Volume 2, Number 2 • October 2005

Global Perspectives

i2010

The Commission issued a Communication on digital libraries, which it defines as organised collections of digital content made available to the public. The initiative is part of i2010 and aims to make European information resources easier and more interesting to use in an online environment.

The Communication is accompanied by a consultation that deals with some of the major challenges influencing digitisation, online accessibility and digital preservation. Submissions to the consultation may also feed into the forthcoming review of the copyright framework. The deadline for comments is 26 January 2006.

Details of the online consultation can be accessed at:
http://europa.eu.int/information_society/activities/digital_libraries/index_en.htm

http://europa.eu.int/rapid/pressReleasesAction.do?reference=MEMO/05/347&format=HTML&aged=0&language=EN&guiLanguage=en



Data Retention

On 26 September 2005 Peter Hustinx, the European Data Protection Supervisor (EDPS), published an opinion on the Commission proposal for a data retention directive. He is not convinced of the necessity of the proposed directive but, if the institutions are to go ahead with the directive, he sets out a number of criteria that it should meet:

  • Strictly limited retention periods that must reflect the needs of law enforcement and be harmonised across the member states, laying down maximum periods of retention. Longer periods than 6 and 12 months (as proposed) are not acceptable

  • A limited amount of data to be stored, which must reflect the needs of law enforcement and ensure that access to content data is not possible

  • Adequate safeguards - specific provisions on access to the retained data by competent authorities are needed to ensure that no one but the relevant law enforcement services can use the data in individual cases

  • Adequate technical infrastructure must be put in place to ensure the security of the data, including financial incentives to this effect

  • Data subjects must be able to exercise their rights and data protection authorities must be able to supervise effectively

The EDPS concludes that co-decision (where Council and Parliament decide jointly on the final text) is the only acceptable legislative process given the sensitive nature of this matter.

http://www.edps.eu.int/legislation/Opinions_A/05-09-26_Opinion_data_retention_EN.pdf

On 27 September 2005 the European Parliament rejected the joint proposal for a framework decision on the retention of communications data submitted by France, the United Kingdom, Ireland and Sweden to the Council. The Parliament considered the proposal a threat to the privacy of citizens following a report from its Civil Liberties Committee on 23 September 2005. However, under the consultation procedure governing this proposal, the Parliament's opinion is not binding.

Parliament welcomed the Commission’s proposal for an alternative data retention directive in which the Parliament will have co-decision power.

Rapporteur: Alexander Nuno Alvaro (Civil Liberties Committee):
http://www.europarl.eu.int/omk/sipade3?PUBREF=-//EP//NONSGML+REPORT+A6-2005-0174+0+DOC+WORD+V0//EN&L=EN&LEVEL=0&NAV=S&LSTDOC=Y

Results of EP Plenary vote on 27 September:
http://www.europarl.eu.int/news/expert/infopress_page/008-725-269-9-39-901-20050926IPR00721-26-09-2005-2005--false/default_en.htm

The Permanent Representatives (Ambassadors) of the 25 member states discussed their draft Framework Decision on data retention on 4 October 2005 and are trying to reach agreement on the text.



ENISA Update

In an opinion issued on 22 September 2005, the European Court of Justice’s Advocate General Kokott stated that Regulation 460/2004 setting up the European Network and Information Security Agency (ENISA) should be annulled and its effects preserved for up to two years until a correctly adopted measure replaces it.

Regulation 460/2004 establishing the European Network and Information Security Agency (ENISA) was based on Article 95(1) of the Treaty, which provides for the adoption of harmonisation measures relating to the internal market. The UK has brought an action for annulment contesting this legal basis, arguing that it should instead have been based on Article 308 of the Treaty. Article 308 is used where the Treaty provides no other legal base for a measure aiming to achieve one of the Community’s objectives. The UK argues that the Regulation regulates the establishment and organisation of ENISA, which does not contribute directly to the approximation of member states’ provisions. The EU institutions argue that ENISA contributes to the approximation by collecting and distributing information, advising Community interests and national regulatory bodies, and promoting cooperation between interest groups.

Advocate General Kokott pointed out that this case is of great importance for legislative practice, since the Community legislature has increasingly set up agencies on the basis of special competences in specific sectors rather than on the basis of Article 308. While acknowledging that ENISA will potentially make some contribution to the approximation of laws, Kokott did not consider this sufficient to be regarded as a measure for the approximation of laws, as it is not possible to predict whether this harmonisation will happen and what form it could take. Furthermore, Article 95 cannot be understood as permitting all measures for the elimination of obstacles to the internal market: there must be an element of approximation of laws. She left open the question of whether there are fundamental obstacles to the establishment of an agency on the basis of Article 95(1) or any other specific Treaty bases without recourse to Article 308.

Kokott has recommended that, in the interests of legal certainty, the effects of the annulled Regulation should continue until a new regulation is adopted on the correct legal basis, but not longer than the end of the second budgetary year after delivery of the judgment. The opinion was delivered in the context of an action for annulment brought by the UK against the European Parliament and the Council.

The full text of this Opinion can be found at http://www.curia.eu.int/jurisp/cgi-bin/gettext.pl?lang=en&num=79949077C19040217&doc=T&ouvert=T&seance=CONCL

The next stage in the process will be a ruling by the European Court of Justice.


Internet Governance and WSIS (World Summit on the Information Society) — The European View

In a speech delivered at the closure of the Liverpool Audiovisual Conference on 22 September 2005, DG Information Society and Media Commissioner Viviane Reding asserted that she has "no intention to regulate the Internet!"

http://europa.eu.int/rapid/pressReleasesAction.do?reference=SPEECH/05/532&format=HTML&aged=0&language=en&guiLanguage=en

The 3rd Prep-Com Meeting of the World Summit on the Information Society (WSIS) took place in Geneva (19 to 30 September 2005). The EU delegation submitted a proposal to the meeting which supports the creation of a new international body to govern the Internet.

http://www.itu.int/wsis/docs2/pc3/contributions/sca/EU-28.doc

David Hendon, from the UK’s Department for Trade and Industry and spokesperson for the EU delegation, suggested that a new co-operative model would build on the existing ICANN organisation but that "its legal status has to change. It will need to be established under international law rather than US law". He stated that, “We expected this proposal to move the summit along from the stalemate. It is unreasonable to leave in the hands of the U.S. the power to decide what happens with the Internet in other countries.” The EU is not alone in questioning the way that the Internet is governed; Brazil, India and Iran have also voiced concern about the current arrangements. David Gross, the State Department official in charge of America's international communications policy, said "It's a very shocking and profound change of the EU's position. The EU's proposal seems to represent an historic shift in the regulatory approach to the Internet from one that is based on private sector leadership to a government, top-down control of the Internet."


Online Public Procurement

The European Commission published a document on 15 July 2005 explaining and interpreting the rules on electronic public procurement that are part of the new public procurement directives adopted in 2004. The aim is to assist member states when transposing the directives into national law.


Article 29 Working Party / RFID

The Article 29 Working Party met at the end of September 2005 and agreed to publish a summary of the submissions to the consultation on the Working Party’s RFID paper which was carried out earlier in the year. There were eight responses from individuals, one consumer association, nine universities or think tanks and sixteen corporations or trade organisations. Most responses came from EU countries, and approximately 10% were from the US and Canada.

Industry responses fell into two categories: the communications and information technology sector and the retailers. Most private consumer associations, universities and think tanks looked on the Article 29 Working Party positively, while industry appreciation varied. While almost all responses recognised the value of the work and the fact that the Working Party had put effort into the paper, some respondents were critical of certain conclusions, with the exception of the “industry providing security solutions, which is as appreciative of the paper as consumers and universities”. A repeated criticism of the paper was that the examples of RFID applications used are not realistic. It was argued that societal benefits and a realistic appreciation of the technical possibilities of the technology should also be considered when judging RFID applications.

http://www.europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2005/wp111_en.pdf


VoIP

In a speech delivered at the closure of the Liverpool Audiovisual Conference, DG Information Society and Media Commissioner Viviane Reding said that nascent markets and services should only be subject to 'light touch' regulation (e.g., EU's approach to VoIP).

http://europa.eu.int/rapid/pressReleasesAction.do?reference=SPEECH/05/532&format=HTML&aged=0&language=en&guiLanguage=en


EURid

EURid announced on 5 October 2005 that registrations for .eu would begin from 7 December 2005. It will mark the start of a 4-month “sunrise” period during which only the holders of existing trademarks or other prior rights may register. Registrations for .eu will be fully open to the public from the beginning of April 2006.


European Institute of Technology (EIT)

On 16 September 2005 the Commission launched a public consultation on whether and how to establish a European Institute of Technology. The idea was put forward in the context of the mid-term review of the Lisbon Process back in February this year. The Commission believes that, despite Europe’s many successes in research and education, this is not always translated into competitive advantages for European enterprises. Jan Figel, European Commissioner for Education, Training, Culture & Multilingualism, said that “a European Institute of Technology could play an innovative role in supporting knowledge transfer, attracting the best researchers and companies from around the world to work in partnership.”

The consultation is seeking views on how such an Institute might work, what its objectives and added value might be and what sort of structure or organisation it should have. All comments received through the on-line consultation will be published in the consultation report which will be available early in 2006.

http://europa.eu.int/yourvoice/ipm/forms/dispatch?form=EIT


Television without Frontiers Directive (TVWF)

The TVWF Directive was adopted in 1989 and amended in 1997 with a view to boosting the development of a European market in broadcasting and related activities. Another revision was launched in 2003 and focuses on four key issues: (i) general access to major events, (ii) cultural diversity and programming quotas, (iii) advertising rules, and (iv) protection of minors. A conference held in Liverpool from 20-22 September 2005 under the UK Presidency was the last stage in the review process of the Directive.

One of the more controversial questions (making the revision necessary) was whether new online services should be restricted in terms of content in the same way as traditional television (the TVWF Directive requires that a majority of European works be broadcast). Commissioner Reding stated at the Liverpool conference that she believes there should be a distinction between linear and non-linear services (the latter normally being linked with “video on demand” services). She indicated that it was not possible to transfer broadcasting quotas to non-linear services (logical given that the users choose what they want to watch, based on a catalogue), but she did not suggest an alternative.