Proposal 20
Protect citizens against their increasing vulnerability to cybercrime by applying the principle of data minimization to data collected over wireless connections (such as medical and banking data).
Detailed explanation
Many experts point out that 5G and connected objects and bodies will dramatically increase the dangers of data loss and cybercrime:
— many transmissions will be over wireless connections, multiplying the risk of "eavesdropping"
— much more data will be transmitted over these devices, including sensitive data. We have particular concerns about data covered by medical confidentiality (medical watches, hearing aids).
Numerous European legislative texts have established measures to combat cybercrime, including:
— Convention on Cybercrime of 23 November 2001, Council of Europe, Budapest
— Directive 2013/40 on attacks against information systems
— Directive 2016/1148 on measures to ensure a common high level of security of networks and information systems in the Union, known as the "NIS Directive"
— Regulation 2019/881 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification
Further measures are currently being discussed by EU governments and the European Parliament.
However, it seems more important to us to reduce the risks by applying the principle of data minimization (Article 5 c) of the GDPR) to the data collected and stored, and to prohibit, without exception, the commercialization of data covered by medical confidentiality (Article 9 of the GDPR).
The legal arguments for our proposal are:
According to Article 5-1 of the GDPR, personal data processed must be "relevant and limited to what is necessary for the purposes for which they are processed".