| Acknowledgements |
|
v | |
| Abbreviations |
|
xi | |
|
|
|
xv | |
|
|
|
xvii | |
|
|
|
xxiii | |
| Introduction |
|
1 | (8) |
|
I Investigating the Relationship of the Triad |
|
|
2 | (3) |
|
|
|
5 | (4) |
|
PART 1 INTRODUCING CYBERSECURITY, PRIVACY AND DATA PROTECTION LAW AND THEIR INTERPLAY |
|
|
|
1 Cybersecurity, Privacy and Data Protection: An Analytical Framework |
|
|
9 | (31) |
|
I Studying the Relationship between Cybersecurity, Privacy and Data Protection |
|
|
10 | (16) |
|
A Introducing Cybersecurity, Privacy and Data Protection (the Triad) |
|
|
10 | (5) |
|
B The Ambivalent Relationship of the Triad |
|
|
15 | (7) |
|
C Towards an Analytical Framework to Study the Reconciliation of the Triad |
|
|
22 | (4) |
|
II The Triad within the EU Constitutional Architecture: A Policy, Law and Technology Analysis |
|
|
26 | (12) |
|
A The EU Constitutional Architecture as a Constraint on the Relationship between Cybersecurity, Privacy and Data Protection |
|
|
27 | (9) |
|
B Cybersecurity, Privacy and Data Protection as Situated Objects: Law, Policy and Technology |
|
|
36 | (2) |
|
III Conclusion: An Analytical Framework to Study the Relationship of the Triad |
|
|
38 | (2) |
|
2 The EU Cybersecurity Policy |
|
|
40 | (28) |
|
I The Development of the EU Cybersecurity Policy |
|
|
40 | (12) |
|
A The EU's Approach to the Security of Cyberspace before 2013 |
|
|
40 | (5) |
|
B The Adoption of the EU Cybersecurity Policy |
|
|
45 | (3) |
|
C The 2017 `Update' to the Cybersecurity Policy |
|
|
48 | (2) |
|
D The 2020 Cybersecurity Policy |
|
|
50 | (2) |
|
II The EU Cybersecurity Policy and Law Landscape |
|
|
52 | (14) |
|
A Network and Information Security (NIS) and the DSM |
|
|
53 | (4) |
|
B Cybercrime, e-Evidence and the AFSJ |
|
|
57 | (5) |
|
C Cyber Defence, Diplomacy, Trade and the EA |
|
|
62 | (4) |
|
III Conclusion: Tensions within Cybersecurity and the Way Forward |
|
|
66 | (2) |
|
3 Privacy: The Right to Respect for Private and Family Life |
|
|
68 | (29) |
|
I Sources and Scope of Article 7 CFR |
|
|
68 | (9) |
|
A Determination of the Relevant Sources to Interpret Article 7 CFR |
|
|
69 | (2) |
|
B The Correspondence between Articles 8 ECHR and 7 CFR |
|
|
71 | (6) |
|
II Essential Components of Article 7 of the Charter |
|
|
77 | (17) |
|
A `Everyone has the Right to' |
|
|
77 | (1) |
|
B `Respect for': Vertical and Horizontal Obligations |
|
|
78 | (2) |
|
C `His or Her Private Life' |
|
|
80 | (8) |
|
D Family Life (The `Inner Circle') |
|
|
88 | (2) |
|
|
|
90 | (1) |
|
F (Confidential) Communications |
|
|
91 | (3) |
|
III Conclusion: Essential Components of Article 7 CFR, Essence |
|
|
94 | (3) |
|
4 The Right to the Protection of Personal Data |
|
|
97 | (32) |
|
I Sources of Article 8 CFR |
|
|
97 | (14) |
|
|
|
98 | (4) |
|
B Council of Europe Instruments: The ECHR and Convention 108 |
|
|
102 | (8) |
|
|
|
110 | (1) |
|
II Essential Components of Article 8 CFR |
|
|
111 | (14) |
|
A Paragraph One: An Inclusive Right to Data Protection |
|
|
111 | (8) |
|
B Paragraph Two: Obligation to Process Data Fairly, Purpose Limitation as Essence and Data Subjects' Rights |
|
|
119 | (3) |
|
C Everyone has the Right of Access to Data which has been Collected Concerning Him or Her, and the Right to have it Rectified |
|
|
122 | (1) |
|
D Paragraph Three: Control by an Independent Authority Ensuring Compliance |
|
|
123 | (2) |
|
III Conclusion: Essential Components of Article 8 CFR, Essence |
|
|
125 | (4) |
|
PART 2 TECHNOLOGY AND THE TRIAD IN THE DSM, THE AFSJ AND THE EA |
|
|
|
5 Cybersecurity, Privacy and Data Protection as Techno-Legal Objects: Investigating the Role of Technology |
|
|
129 | (28) |
|
I Leveraging Technology to Appraise the Reconciliation of the Triad |
|
|
130 | (11) |
|
A Technology: Security Properties, Threat Modelling, Protection Goals and Design Strategies |
|
|
130 | (2) |
|
B Linking Technological and Legal Notions of Cybersecurity, Privacy and Data Protection |
|
|
132 | (6) |
|
C Mode of Reconciliation of the Triad: From Overlap to Indeterminacy |
|
|
138 | (3) |
|
II Technology as a Regulatory Target: The Effacement of Technology from the Law and its Consequences |
|
|
141 | (11) |
|
A The Principle of Technology Neutrality |
|
|
142 | (2) |
|
B The Principle of `By Design' |
|
|
144 | (2) |
|
C TN and By Design in Practice: TOMs, SoA, Standards and the New Legislative Framework |
|
|
146 | (6) |
|
D Interim Conclusions: Technology Effacement and Indeterminacy |
|
|
152 | (1) |
|
III Courts, the Effacement of Technology and the Indeterminacy Loop |
|
|
152 | (3) |
|
|
|
155 | (2) |
|
6 The DSM: Network and Information Security (NIS), Privacy and Data Protection |
|
|
157 | (38) |
|
I Reconciliation of Network and Information Security, Privacy and Data Protection: Policy |
|
|
158 | (2) |
|
II Reconciliation of NIS, Privacy and Data Protection: Law |
|
|
160 | (17) |
|
A Overview of Legal Instruments Relevant to NIS |
|
|
161 | (1) |
|
B Comparative Analysis of Selected Instruments |
|
|
162 | (14) |
|
C Interim Conclusion: Strong Reconciliation of NIS with Privacy and Data Protection in the Law |
|
|
176 | (1) |
|
III Reconciliation of NIS, Privacy and Data Protection: Technology |
|
|
177 | (16) |
|
A State-of-the-Art ToMs and the Regulation of ICT Products, Services and Processes: Strong Reconciliation (Im)possible? |
|
|
178 | (4) |
|
B State of the Art Technical Measures: The Example of Deep Packet Inspection (DPI) |
|
|
182 | (11) |
|
IV Conclusion: Strong Reconciliation of NIS with Privacy and Data Protection Challenged by Technology |
|
|
193 | (2) |
|
7 The AFSJ: The Fight against Cybercrime, e-Evidence, Privacy and Data Protection |
|
|
195 | (45) |
|
I Reconciliation of the Fight against Cybercrime, e-Evidence, Privacy and Data Protection: Policy |
|
|
196 | (4) |
|
II Reconciliation of the Fight against Cybercrime, e-Evidence, Privacy and Data Protection: Law |
|
|
200 | (29) |
|
A Reconciling the Fight against Cybercrimes with Privacy and Data Protection |
|
|
202 | (17) |
|
B How the Collection of e-Evidence Affects the Reconciliation of the Fight against Cybercrime with Privacy and Data Protection |
|
|
219 | (10) |
|
III Reconciliation of the Fight against Cybercrime, E-evidence, Privacy and Data Protection: Technology |
|
|
229 | (10) |
|
A `Use of Tools' and Implicit Reference to Technology Neutrality (TN) |
|
|
230 | (2) |
|
B Deep Packet Inspection (DPI) in the Fight against Cybercrimes |
|
|
232 | (5) |
|
C Beyond DPI: Technical Measures to Fight Cybercrime and Visions of Reconciliation Through Technology |
|
|
237 | (2) |
|
IV Conclusion: Weak Reconciliation of the Fight against Cybercrime, e-Evidence, Privacy and Data Protection Challenged by Technology |
|
|
239 | (1) |
|
8 The EA: `Cyber' External Action, Privacy and Data Protection |
|
|
240 | (21) |
|
I Reconciliation of Cybersecurity, Privacy and Data Protection in the EA: Policy |
|
|
241 | (3) |
|
II Reconciliation of Cybersecurity, Privacy and Data Protection in the EA: Law |
|
|
244 | (11) |
|
A The Overarching Framework for the Relationship between the Triad in the EA |
|
|
245 | (3) |
|
B The Cyber Diplomacy Toolbox with a Focus on Cyber-Related Restrictive Measures |
|
|
248 | (6) |
|
C Reconciliation of Cybersecurity, Privacy and Data Protection in EA Law |
|
|
254 | (1) |
|
|
|
255 | (4) |
|
A The Importance of Technical Attribution for RMs and Some Considerations on Deep Packet Inspection |
|
|
256 | (1) |
|
B The Effacement of Technology: International Flow of Values, Norms, Ideas and Impact on the Triad |
|
|
257 | (2) |
|
IV Conclusion: Weak Reconciliation of Cyber External Action, Privacy and Data Protection Challenged by Technology |
|
|
259 | (2) |
|
|
|
261 | (9) |
|
|
|
261 | (6) |
|
II Research Trajectories and the Future of the Triad |
|
|
267 | (3) |
| Bibliography |
|
270 | (23) |
| Index |
|
293 | |
