Involved with this some time ago, continues to increase in complexity.
Cyberlaw: Where We Are and What's On the Horizon in ACM News
By Karen Emslie, Commissioned by CACM Staff, November 29, 2022
Talita Dias said viewing cyberspace as a new 'space' is misleading.
Around 120 countries have adopted data protection and privacy legislation and many have introduced new laws or amended existing ones to apply to cyberspace, often modelling them on Europe's General Data Protection Regulation.
Cyberlaw deals with the legalities of our interactions with technologies and one another in cyberspace. It is an umbrella term that encompasses matters as diverse as cybersecurity, data privacy, social media, artificial intelligence, autonomous weapons, and cryptocurrency.
New products, platforms, capabilities, and threats are constantly emerging. It is the job of lawmakers to determine how they fit into existing legal frameworks, and to create new legislation when they do n0t. However, establishing agreements has proven challenging at the country level and internationally alike, and it is an area of law that is increasingly impacted by geopolitics.
Here, we look at some existing and upcoming cyber legislation and lay out what remains up for discussion and debate.
Leading the way: data privacy, cybersecurity
One of the most developed areas of cyberlaw pertains to data and privacy. In 2018, the European Union (EU) passed the General Data Protection Regulation (GDPR) to regulate data use, processing, and privacy across the EU and the European Economic Area (EEA). The GDPR builds on the Council of Europe's 1981 legally binding Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, or Convention 108.
Today, around 120 countries have adopted data protection and privacy legislation and many have introduced new laws or amended existing ones to apply to cyberspace, often modelling them on the GDPR. They include South Korea's Personal Information Protection Act (PIPA), Japan's Act on the Protection of Personal Information (APPI), Brazil's General Data Protection Law, and South Africa's Protection of Personal Information Act (POPI).
In the U.S., the American Data Privacy and Protection Act was introduced in the House in June 2022 and is currently pending. According to Scott J. Shackelford, an expert in business law at Indiana University and executive director of the university's Center for Applied Cybersecurity Research, the U.S. has adopted a more "freewheeling model" than other countries, including "a lighter-touch regulatory, both for privacy and cybersecurity."
Individual U.S. states, however, have adopted tougher measures, such as the California Consumer Privacy Act of 2018 and its 2020 amendment, the California Consumer Privacy Act (CCPA), or Proposition 24.
For the most part, there is "a little bit of a transatlantic divide" on privacy, said Shackelford, but he sees some convergence on cybersecurity, due in part to initiatives like the United Nations' norms for Responsible State Behavior in Cyberspace, and the National Institute for Standards and Technology's Cybersecurity Framework.
Cybersecurity laws within the U.S. often vary by state. However, in March 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law. This federal legislation requires critical infrastructure companies to report cybersecurity incidents, including ransomware attacks, to the Cybersecurity and Infrastructure Security Agency (CISA). .... '
No comments:
Post a Comment