A new European cybersecurity law has been panned by an association which represents Google, Facebook, eBay and Yahoo.
The Computer and Communications Industry Association (CCIA) has sent an open letter to the EU’s telecommunications representatives to protest their inclusion in the Network and Information Security (NIS) Directive.
The Directive will enforce rules that “enablers of information services” will be required to inform higher authorities each time they suffer a cybersecurity incident.
CCIA has argued that most of the requirements of the NIS Directive have already been met via separate commercial contracts and agreements that its representatives have established.
“Inclusion of broader information society services risks unleashing an avalanche of random personal data for often struggling regulatory agencies,” writes the association, according to The Register.
“Such massive reporting, and often double reporting, to poorly resourced authorities would expose citizens’ personal data to unnecessary risk at no significant security benefits.”
In layman’s terms, saddling the big internet companies with more regulations would endanger their users’ personal data, especially, as the CCIA venomously state, given the reputation of the EU’s regulatory bodies
“A broader scope of the NIS Directive risk undermining the law’s ability to protect what really needs protection,” the letter adds.
There is still a lot of debate amongst national ministers, the European Commission and MEPs over what companies should be included in the new cybersecurity Directive.