Home

Internal

Global

Contatto

Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |

In tutto il mondo

Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.

About the Opinion 23/2022 of The European Data Protection Supervisor

published on 21 November 2022 | reading time approx. 3 minutes

On 9 November 2022, the European Data Protection Supervisor, an independent institution of the EU, responsible under Article 52(2) and Article 52(3) of Regulation 2018/1725 (hereinafter “the EDPS”), gave an Opinion on the Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020 (hereinafter “the Proposal”), issued by the European Commission on 15 September 2022.

First things first, it should be noted that the wide scope of the Proposal covers all products with digital elements, and specifically means any software or hardware product and its remote data processing solutions, including software or hardware components to be placed on the market separately, whose intended or reasonably foreseeable use includes a direct or indirect logical or physical data connection to a device or network. This includes both products that can be connected physically via hardware interfaces and products that are connected logically, such as via network sockets, pipes, files, application programming interfaces and any other type of software interface.

At the same time certain digital products and services subject to sectoral legislation fall outside of the Proposal’s scope. These include software-as-a-service, medical devices, in vitro diagnostic medical devices, motor vehicles, products used exclusively for national security or military purposes or designed specifically to process classified information.

Therefore, in line with the Proposal, the Opinion 23/2022 of the EDPS can be summarized as follows:

The EDPS fully supports the general objective of the Proposal to improve the functioning of the internal market by laying down a uniform legal framework for essential cybersecurity requirements for placing products with digital elements on the European Union market;
The EDPS strongly recommends including the data protection by design and by default principle in the essential cybersecurity requirements of products with digital elements;
The EDPS welcomes the fact that this provision acknowledges that the processing of personal data is a critical and sensitive function and might as such require the corresponding critical products with digital elements to obtain a European cybersecurity certificate under a European cybersecurity certification scheme. At the same time, obtaining a European cybersecurity certification automatically should not guarantee compliance with the General Data Protection Regulation (hereinafter “GDPR”);
The EDPS welcomes the proposed penalties, which are similar to those of the GDPR, with a maximum fine of 2.5 per cent of global annual turnover. As a result, the Proposal could serve as another form of protection for individuals that reside within EU Member States, in conjunction with the provisions of the GDPR.

It follows that a new EU Regulation, which will impose a European cybersecurity certification scheme for products with digital elements, could be adapted in the near future.

Therefore, all the businesses developing or using products with digital elements shall keep in mind that the existence of a certificate should be ascertained (yet still being more of a recommendation), which would then indicate overall compliance of the digital products with the regulation, including the privacy requirements set by the GDPR.

DATA PROTECTION BITES

Read all releases »

author

Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney, Certified Data Protection Specialist

Senior Associate

+371 6733 8125

Invia richiesta

RÖDL & PARTNER LATVIA

Discover more about our offices in Latvia. Read more »