New EU Laws: An Opportunity for Threat Actors?Proposed EU Legislation Raises InfoSec Fears, Says Victoria Baines
Two major EU pieces of legislation - the Digital Markets Act and the Digital Services Act - are about to change the digital landscape. Academic Victoria Baines discusses how the proposed legislation might be problematic for information security.
The Digital Markets Act and the Digital Services Act are "really about renovating the e-Commerce Directive," which dates back to 2000, Baines says.
She says that part of the Digital Services Act obliges "gatekeepers" - which include platforms such as Microsoft, Amazon and Google - to "refrain from combining personal data sourced from core platform services with personal data from any other services that they offer." This essentially means that these platforms cannot conduct cross-platform investigations, she says.
Baines warns that this could potentially leave the door open to threat actors. "If Big Tech is unable to do cross-platform investigation and analysis, that means that more threats will go unidentified that use their platforms as vectors," she says.
In a video interview with Information Security Media Group, Baines discusses:
- An overview of the Digital Markets Act and Digital Services Act and the current status of the legislation;
- How the proposed EU legislation could change the InfoSec landscape;
- How these laws shift the balance between privacy, security and safety.
Previously, Baines was trust and safety manager for Europe, the Middle East and Africa at Facebook, and before that she was responsible for threat analysis and industry outreach at the EC3's strategy and prevention team. Prior to that, she was principal analyst at the U.K. Child Exploitation and Online Protection Center, a command of the National Crime Agency, where she was responsible for the U.K.’s threat assessment of online child abuse.