This policy primer looks at current privacy risks for European consumers, how current legal rules are insufficient in protecting consumers’ privacy in the age of 5G technologies, and what can be done by legal change and other policy measures to minimize consumers’ exposure to data leaks and privacy breaches.
The scope of this analysis:
- The key interests of consumers include not only low prices and quick adoption of valuable new technologies, but also privacy and data security.
- Government and private actions that undermine privacy and data security expose consumers to serious risk of significant harm (for example: financial crime, identity theft).
- Here, we focus on the problem of vulnerability of devices and software to malicious interference (data security). We are concerned with consumer products and services, as well as with electronic infrastructure.
- Consumers are best served by outcomes-focused and evidence-based policy. Blunt instruments like total bans based on country of origin should be seen as measures of last resort.
- We recommend using liability rules for operators and resellers of software and devices that expose consumers to risk of malicious and illegal interference. Personal liability of company directors may be worth considering.
- Liability standards should be assisted by security certification of software and devices (like proposed in the EU’s “Cybersecurity Act”). The approach proposed by the EU Commission in its new recommendation on security of 5G networks is consistent with our recommendations.
- Promotion of strong encryption and of secure methods of authentication should be a significant part of the effort to safeguard consumer interests