The expansion of the digital landscape and the rise of technology inside enterprises bring huge benefits for businesses, customers, entrepreneurs, but like everything it has risks. Being digitally accessible by managing digitized administration procedures, customers’ profiles, digital identities, general and sensitive data, inevitably exposes each company and its private data to different forms of cyber risk. Consequently, we become more vulnerable to hackers, potential fraudsters, stolen data, identity theft, making you more subjected to cyberattack. This is where digital regulations come into play. For a company who works in a digital environment and manages data, it is necessary to prevent any kind of cyber threat by choosing digital solutions, platforms or tools featured for being legally-compliant. A good business digital framework should collect, store, manage and protect clients’ information.
Governments and regulators play a key role in encouraging enterprises in pursuit of digital transformation as part of the company’s technological development promotion for the benefit of society. These entities have the power to foster innovation by providing legal rules that reflect society values like people’s and consumer’s rights, ensuring the safeguard of personal data and information. Digital regulations should satisfy customers and companies’ needs by giving the right directive to build a secure legal framework, inspiring trust in technology adoption. As digital transformation is an ongoing process, digital regulations need to be updated to the latest form of technology, innovation and public requirement.
The European Commission fosters the Digital Service Act
In view of the innovative change based on businesses digital transformation and their services accessibility, the European Commission assigned importance to Digital platforms by acknowledging them a key role for consumers and digital users, as they make international and remote trading and transactions easier. In addition, beyond facilitating digital services delivery, this new way of carrying out services, becomes a big trade opportunity at international level for European enterprises.
The Digital Services Act reports the legal requirements that need to be adapted to all digital services conceived to provide products, services or content to consumers, as well as new directives to promote the eradication of illegal content in digital environments and to safeguard people’s digital rights. The new framework model will rebalance the rights and responsibilities of users, intermediary platforms, and public authorities and is based on European values – including the respect of human rights, freedom, democracy, equality and the rule of law.
The European Commission, through the digital services act, expects to fulfil the following three objectives:
- To increase consumers‘ protection and related fundamental digital rights;
- To promote transparency and a clear accountability framework for online platforms;
- To foster innovation, growth and competitiveness within the European Single Market.
To be more specific, the Digital Services Act will introduce a range of new regulations for digital services. Below the key-points of this act:
- Users protection about in case of their data is erroneously deleted by platforms;
- New commitments for those digital platforms which take risk-based action to prevent abuse of their systems;
- Transparency measures for digital platforms, including on online advertising and on the algorithms used to recommend content to users;
- New standards to scrutinize how platforms work, including access for researchers to key data of the largest platforms to understand how online risks evolve;
- New rules on traceability of business users in online marketplaces, to track down sellers of illegal goods or services;
- An innovative cooperation process among public authorities to ensure effective enforcement across the single market.
European digital regulations
Every company that works actively in a European digital landscape by providing digital solutions, services or platforms on which sensitive data is stored and managed always needs to adopt a secure and legally compliant solution that meets European legal standards. Digital regulations can satisfy different topics and protect different forms of data. It is possible to categorize these regulations under the following macro-categories that cover various issues:
- Data protection (GDPR, ePrivacy Directive);
- Digital Identity (eIDAS, EUid);
- Digital Payment or Digital Transaction (BaFin, AML5, SEPBLAC, PSD2)
Let’s see each regulation features:
The General Data Protection Regulation (GDPR) is the international law on privacy and data security put into effect on May 25th of 2018. This law requires organizations that serve EU residents to keep their users’ personal data safe and preserve their data privacy rights. For a business company, it is useful to use GDPR services, both for regulatory and data security reasons. With GDPR, Europe is strengthening its role in data privacy and security in a delicate moment where people manage and store their personal data with cloud services, by being subjected to potential cyber-attacks. The GDPR will take measures against those who violate its privacy and security legal standards, with penalties that could amount reaching even tens of millions of euros.
The GDPR defines a list of the most important legal terms:
- Personal data: Information related to an individual who can be directly or indirectly identified (e.g. name, email address, location, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions.
- Data processing: Any action performed on data like collecting, recording, organizing, structuring, storing, using, erasing.
- Data subject: The person whose data is processed.
- Data controller: The person who decides why and how personal data will be processed.
- Data processor: A third party that processes personal data on behalf of a data controller.
- ePrivacy Directive
The ePrivacy Directive entered into force in 2002, represents a legal tool for privacy and data protection in the digital age, to be more specific, it takes care of the confidentiality of communications and the rules on tracking and monitoring.
After the GDPR implementation, the EU legislator was required to update this regulation in order to tackle the ongoing technology evolution, with issues such as confidentiality of machine-to-machine communication (IoT) or the confidentiality of individuals’ communication on public accessible networks (such as public Wi-Fi).
The ePrivacy Directive 2009/136/EC updated in May 2011, represents the amendment of the 2002/58/EC directive. It foresees personal data processing and privacy protection within the communications’ industry by issuing notifications on potential data breaches, it also deals with the following issues:
- Networks and services security;
- Communication confidentiality;
- Stored data access;
- Traffic and location data processing;
- Calling line identification;
- Public subscriber directories;
- Unsolicited commercial communications are known as “Spam”
The eIDAS regulation on electronic identification and trust services for electronic transactions in the internal market entered into force in 2018, is the first and most advanced cross-border legal framework for international electronic identification, authentication and website certification within the European Union. It provides a safe framework to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
More specifically, eIDAS covers two roles, on the one hand, it enables people and businesses to use their own national electronic identification schemes (eIDs), to have access to public services in other EU countries where eIDs are available.
On the other hand, it is able to create a European internal market for electronic trust services such as e-signatures, e-seals, time-stamp, electronic delivery service and website authentication, by granting that they will work across borders by maintaining the same legal status as traditional paper-based processes.
The EUid initiative revises the eIDAS Regulation, by extending it to the private sector and promoting trusted identities for all Europeans. It is focused on making safer and easier the use of the online services at European level, such as for example a student enrolment in a foreign university, a new bank account opening, and public service access. It allows people to have more control over their personal data and privacy by respecting at the same time the user’s anonymity.
Digital Payment or Digital Transaction
BaFin is a German law which is responsible as a whole of consumers’ transactions, personal data, and any kind of financial involvement. It supervises potential financial institutions, ensuring their stability, reliability and integrity.
BaFin pursues irregularities in the supervised companies and offers a whole range of tips and tools for consumers to avoid making mistakes or incorrect financial choices. BaFin, also is known for ensuring user identification via video identification procedures, it sets and provides the videoconference standards which enable customers and companies to quickly and securely identify themselves via video chat.
Anti Money Laundering or AML5 is the new directive for the prevention of money laundering and terrorist financing updated in2020 by the European Union which substitute the AML4. Through this regulation, enterprises are able to guarantee this protection to their customers when involved in remote customer identification or digital transactions procedures. This law creates a unique digital space for client identification in the financial industry, it is constantly upgraded to tackle cybercrime forms.
AML5 amendments from the previous one, aim to enhance transparency, limit the anonymity related to virtual currencies, wallet providers and for prepaid cards. It increases standards analysis of high-risk third countries, it improves financial transactions’ protection among countries, further, it sets up central bank account registries, and lastly, it also improves cooperation between AML Supervisors and prudential supervisors of the European Central Bank.
Sepblac is the Spanish Financial Intelligence Unit (FIU) and AML/CFT Supervisory Authority known as Executive Service of the Commission for the Prevention of money laundering and monetary offences in relation to cyber-attack & financial terrorism, it is specialized in the generation, treatment and dissemination of financial Intelligence.
Sepblac targets the financial sector, dealing with the management of the centralized banking account register, financial authorizations, sanctions and countermeasures.
The European PSD2 law regulates payment services and payment service providers at the European level. This directive objective is to bring payment regulation level to the state of the market and technology. To do that, companies have to implement security tools to carry out electronic payments. The long-term perspective of the PSD2 is to create a single payment area which allows citizens and enterprises to make quick and easy digital payments at international level as they would in their original countries, and a market in which cross-border transactions are subjected to the same charges as domestic payments.
A good European market for payment services should guarantee the following requirements:
- The same rules for all European member states;
- Transparency on payment information;
- Payment speediness;
- Consumer’s protection;
- Availability between different payment services
In short, a digital company who deals with data management which wants to protect customers’ data and information, their ID profiles or digital transactions, should be aware of all the legal European fundamentals digital regulations and customer’s digital rights, in order to deliver the best secure and legal digital service possible by increasing clients’ loyalty and trust towards its own company.
In Euronovate, we take care about the legal aspects of digital solutions for businesses, in particular, in quality of digital signature provider, we rely on Vintegris, one of our Euronovate Group members, as a trusted service provider which allows us to issue legal digital solutions and qualified digital certificates through its Certification Authority.
We provide to our customers the following legally compliant services and products:
- Support in electronic signature analysis and transformation of paper documents;
- Drafting and revising standard contracts;
- International regulation on electronic signature and electronic document;
- Evaluation of legal compliance of contractual policy and electronic communication systems, with particular regard to the use of the different forms of electronic signatures and electronic documents;
- Support in choosing the right kind of signature most adapt to your necessity;
- Legal assistance for dematerialization and digital archiving;
- Privacy management:
- Specific analysis on paper management for all the internal and external processes;
- Support in updating the legal rules in the digital field.
Euronovate, part of the Euronovate Group, we are European leaders in digital transformation, digital transaction management and digital identification and listed in the RegTech100 for 2021, as one of the world’s most innovative regulatory technology companies. If you want to find out more about our legally-compliant digital solutions, please contact us to arrange a demo or to ask for more information.