The European Commission is planning a new internal security strategy and intends to increasingly rely more on digital technologies for law enforcement. eco – Association of the Internet Industry warns against hasty measures that could burden companies and jeopardise fundamental rights. Instead of new legislative initiatives, eco calls for a review of existing laws and regulations.
Oliver Süme, eco Chair of the Board, has the following to say:
“Before new laws are created, existing regulations must first be evaluated and implemented across all Member States. Additional regulations lead to legal uncertainty, increase costs for companies and, in the worst case, can even infringe upon fundamental rights.”
eco consistently rejects extended data access
The existing regulations on data access for law enforcement agencies are currently still being implemented. A hasty reform is therefore incomprehensible for the Internet Industry Association.
“We reject any weakening of end-to-end encryption, whether through reducing crypto complexity or providing side channels for accessing encrypted information. An attack on encryption is always also an attack on cybersecurity, privacy and trustworthiness,” emphasises Süme.
eco warns against the reintroduction of data retention
With regard to the planned data retention measures, eco recalls the ruling of the European Court of Justice, which sets strict limits on data retention.
“The indiscriminate mass storage of private IP addresses is a violation of fundamental rights and infringes EU law. The European Court of Justice already decided this in 2022, and it was confirmed by the German Federal Administrative Court in 2023. Together with our members, we successfully sued against illegal data retention at that time and will do so again if necessary,” says Süme.
Every security regulation requires fact-based decisions
According to eco, the ongoing review of the Terrorist Content Online Directive should also be completed before new measures are taken. Furthermore, the experiences of platform operators and Internet providers must be more strongly considered.
“The Digital Services Act already provides a comprehensive regulatory framework. Further regulations should only be decided after a thorough evaluation,” explains Süme.
