References of "Chiara, Pier Giorgio 50038876"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailThe Cyber Resilience Act: the EU Commission’s proposal for a horizontal regulation on cybersecurity for products with digital elements. An introduction
Chiara, Pier Giorgio UL

in International Cybersecurity Law Review (2022)

The EU Commission presented on 15 September 2022 the proposal for a ‘Regulation on horizontal cybersecurity requirements for products with digital elements amending Regulation (EU) 2019/1020’ (Cyber ... [more ▼]

The EU Commission presented on 15 September 2022 the proposal for a ‘Regulation on horizontal cybersecurity requirements for products with digital elements amending Regulation (EU) 2019/1020’ (Cyber Resilience Act, CRA). This long-awaited piece of legislation would complement EU cybersecurity acquis by laying down horizontal cybersecurity requirements for all products with digital elements. This article sheds light on the ‘horizontal’ character of the CRA proposal by highlighting its main pillars. In particular, the contribution takes into account the new set of obligations placed on economic operators, the conformity assessment procedures as well as the market surveillance framework and the interplay with other legislative initiatives, both in the policy area and outside EU cybersecurity law. Against the backdrop of the sectoral regulatory approach adopted thus far by the Commission vis-à-vis cybersecurity requirements for products, horizontal intervention is needed to ensure legal certainty, avoiding duplicative obligations and further market fragmentation. [less ▲]

Detailed reference viewed: 45 (3 UL)
Full Text
Peer Reviewed
See detailOne step ahead: mapping the Italian and German cybersecurity laws against the proposal for a NIS2 directive
Schmitz, Sandra UL; Chiara, Pier Giorgio UL

in International Cybersecurity Law Review (2022)

With the COVID-19 pandemic accelerating digital transformation of the Single Market, the European Commission also speeded up the review of the first piece of European Union (EU)-wide cybersecurity ... [more ▼]

With the COVID-19 pandemic accelerating digital transformation of the Single Market, the European Commission also speeded up the review of the first piece of European Union (EU)-wide cybersecurity legislation, the NIS Directive. Originally foreseen for May 2021, the Commission presented the review as early as December 2020 together with a Proposal for a NIS2 Directive. Almost in parallel, some Member States strengthened (or adopted) national laws beyond the scope of the NIS Directive to respond adequately to the fast-paced digital threat landscape. Against this backdrop, the article investigates the national interventions in the field of cybersecurity recently adopted by Italy and Germany. In order to identify similarities and divergences of the Italian and German national frameworks with the European Commission’s Proposal for a NIS2 Directive, the analysis will focus on selected aspects extrapolated from the Commission Proposal, namely: i) the enlarged scope; ii) detailed cybersecurity risk-management measures; iii) more stringent supervisory measures; and, iv) stricter enforcement requirements, including harmonised sanctions across the EU. The article concludes that the national cybersecurity legal frameworks under scrutiny already match the core of the proposed changes envisaged by the NIS2 Proposal. [less ▲]

Detailed reference viewed: 44 (2 UL)
Full Text
Peer Reviewed
See detailThe IoT and the new EU cybersecurity regulatory landscape
Chiara, Pier Giorgio UL

in International Review of Law, Computers and Technology (2022), 36(2),

This article aims to cast light on how the fast-evolving European cybersecurity regulatory framework would impact the Internet of Things (IoT) domain. The legal analysis investigates whether and to what ... [more ▼]

This article aims to cast light on how the fast-evolving European cybersecurity regulatory framework would impact the Internet of Things (IoT) domain. The legal analysis investigates whether and to what extent existing and proposed sectoral EU legislation addresses the manifold challenges in securing IoT and its supply chain. It firstly takes into account the Cybersecurity Act, being the most recent and relevant EU legal act covering ICT products and cybersecurity services. Then, EU product legislation is scrutinised. The analysis focuses on the delegated act recently adopted by the Commission under the Radio Equipment Directive (RED), strengthening wireless devices’ cybersecurity, the Medical Devices Regulation, the Proposal for a General Product Safety Regulation and the Proposal for a Machinery Regulation. Lastly, the proposal for a revised Network and Information Systems Directive (NIS2) is assessed in terms of its potential impact on the field of IoT cybersecurity. Against this backdrop, the article concludes by advocating the need for a separate horizontal legislation on cybersecurity for connected products. To avoid fragmentation of the EU’s Single Market, a horizontal legal act should be based on the principles of the New Legislative Framework, with ex-ante and ex-post cybersecurity requirements for all IoT sectors and products categories. [less ▲]

Detailed reference viewed: 69 (1 UL)
Full Text
Peer Reviewed
See detailCommission Delegated Regulation (EU) 2022/30 Supplementing Directive 2014/53/EU on Radio Equipment: Strengthening Cybersecurity, Privacy and Personal Data Protection of Wireless Devices
Chiara, Pier Giorgio UL

in European Data Protection Law Review (2022), 8(1), 103-107

This contribution highlights how the Delegated Regulation (EU) 2022/30 - activating the essential requirements of Article 3(3)(d), (e) and (f) of Directive 2014/53/EU on radio equipment (RED) - will ... [more ▼]

This contribution highlights how the Delegated Regulation (EU) 2022/30 - activating the essential requirements of Article 3(3)(d), (e) and (f) of Directive 2014/53/EU on radio equipment (RED) - will enhance and complement existing cybersecurity and privacy & data protection EU legal frameworks while strengthening the (cyber)security of wireless (IoT) devices. [less ▲]

Detailed reference viewed: 161 (3 UL)
Full Text
Peer Reviewed
See detailL'IA applicata all'analisi dei metadati: un'alternativa alla rottura della crittografia per le autorità di contrasto alla criminalità
Neroni Rezende, Isadora; Chiara, Pier Giorgio UL

in Brighi, Raffaella (Ed.) Nuove Questioni di Informatica Forense (2022)

This paper explores the normative challenges of digital security technologies i.e., end-to-end (E2E) encryption and metadata analysis, in particular in the context of law enforcement activities. Internet ... [more ▼]

This paper explores the normative challenges of digital security technologies i.e., end-to-end (E2E) encryption and metadata analysis, in particular in the context of law enforcement activities. Internet of Things (IoT) devices embedded in smart environments (e.g., smart cities) increasingly rely on E2E encryption in order to safeguard the confidentiality of information and uphold individuals’ fundamental rights, such as privacy and data protection. In November 2020, the Council of the EU published a resolution titled “Encryption – Security through encryption and security despite encryption”. The resolution seeks to ensure the ability of security and criminal justice authorities to access data in a lawful and targeted manner. Nonetheless, in the context of pre-emptive surveillance and criminal investigations, E2E encryption renders the analysis of the content of communications extremely challenging or practically impossible, even when access to data could be lawful. Here, two different layers of complexity seem to emerge. They concern: (i) whether a balance between the values protected by E2E encryption and the aims of law enforcement can be attained; (ii) whether state-of-the-art AI models can preserve the advantages of E2E encryption, allowing for inferences of valuable information from communication traffic, with the aim of detecting possible threats or illicit content. Against this backdrop, we firstly examine whether AI algorithms, such as Machine Learning and Deep Learning, might be part of the solution, especially when it comes to data-driven and statistical methods for applying classification in encrypted communication traffic so as to infer sensitive information about individuals. Secondly, we consider the possible uses of AI tools in the analysis of IoT-generated data in smart cities scenarios, focusing on metadata analysis. We explore whether that AI-based classification of encrypted traffic can circumscribe the scope of law enforcement monitoring operations, in compliance with the European surveillance case-law. Finally, as far as our research focus is concerned, we discuss how the use of AI bears the potential of smoothing traditional trade-offs between security and fundamental rights, allowing for encrypted traffic analysis without breaking encryption. [less ▲]

Detailed reference viewed: 44 (0 UL)
Full Text
Peer Reviewed
See detailLa cybersecurity come bene pubblico: alcune riflessioni normative a partire dai recenti sviluppi nel diritto UE
Brighi, Raffaella; Chiara, Pier Giorgio UL

in Federalismi.it (2021), 21

The article casts the light on how and to what extent the recent EU legislative developments can uphold the thesis that would identify cybersecurity as a public good, in particular, taking into account ... [more ▼]

The article casts the light on how and to what extent the recent EU legislative developments can uphold the thesis that would identify cybersecurity as a public good, in particular, taking into account systems’ robustness. The doctrine of the public good, which is typically an economic concept, in its normative dimension reveals a framework of shared responsibilities, in view of the common interest in having a satisfactory level of security of the information systems at the basis of our societies. Improving cybersecurity is essential, on the one hand, to trust and benefit from innovation, connectivity and automation; on the other hand, for safeguarding fundamental rights and freedoms, including the rights to privacy and to the protection of personal data, and the freedom of expression and information. Against this background, the new strategy of the European Commission on cybersecurity, the proposal for an NIS 2.0 Directive and, at a lower level of abstraction, the inclusion of minimum cybersecurity requirements for connected devices in the Directives and Regulations of the “New Legislative Framework” (NLF), testify the firm will of the Commission to outline a clear, coherent and inclusive regulatory framework, in order to increase the global level of security within the Union. [less ▲]

Detailed reference viewed: 216 (2 UL)
Full Text
Peer Reviewed
See detailDisentangling encryption from the personalization debate: On the advisability of endorsing the “relativist approach” underpinning the identifiability criterion
Chiara, Pier Giorgio UL

in University of Vienna Law Review (2021), 4(2), 168-188

The great confusion about encryption, cornerstone concept of data security, may jeopardise a proper taxonomy in order to legally qualify data. Through a technical and legal literature review, this paper ... [more ▼]

The great confusion about encryption, cornerstone concept of data security, may jeopardise a proper taxonomy in order to legally qualify data. Through a technical and legal literature review, this paper firstly aims to shed the light on the nature of encryption. Having set the context, the study investigates whether and to what extent the so-called relativist understanding of Recital 26 GDPR is desirable. It considers the effort required to identify the data subject only by the data controller: in the context of cryptography, GDPR’s regime would be applicable if a data controller is able to decrypt a data set or, at least, has reasonable possibilities of doing so. The legal analysis, integrated with technical aspects, addresses the case of polymorphic encryption as an argument in favour of the relativist approach in the post-Breyer era: if cryptographic means have been strong enough so that identification is no longer reasonably likely, such data would be effectively non-personal data. The advisability of such outcome will be critically discussed in the light of recent business trends, where big corporations are increasingly investing in business models aiming at removing from the equation personal data. [less ▲]

Detailed reference viewed: 45 (2 UL)
Full Text
Peer Reviewed
See detailThe Balance Between Security, Privacy and Data Protection in IoT Data Sharing: a Critique to Traditional "Security&Privacy" Surveys
Chiara, Pier Giorgio UL

in European Data Protection Law Review (2021), 7(1), 18-30

The paper examines the normative challenges of the Internet of Things (IoT), in particular, taking into account today’s debate on privacy, data protection, and security issues brought about by IoT. Three ... [more ▼]

The paper examines the normative challenges of the Internet of Things (IoT), in particular, taking into account today’s debate on privacy, data protection, and security issues brought about by IoT. Three different layers of complexity are under scrutiny. They regard (i) moral and political theories on the concept of ‘security’; (ii) whether and to what extent information security technologies, in the context of IoT, may affect fundamental rights, such as privacy and data protection; and, (iii) new legal challenges for individual and group privacy and data protection. The overall aim of the paper is, on the one hand, to stress basic differences between privacy and data protection and why the distinction matters vis-à-vis the flow of information and data sharing on IoT. On the other hand, the intent is to stress the different meanings security has in this context, since the word is often used interchangeably to address information security, cybersecurity, or safety issues. We should take these distinctions firm, when striking balances between privacy, data protection, and ‘security’ on IoT. [less ▲]

Detailed reference viewed: 223 (2 UL)
Full Text
Peer Reviewed
See detailThe Unsecure Side of (Meta)Data in IoT Systems
Chiara, Pier Giorgio UL

in Ambient Intelligence and Smart Environments (2020, July), 28

The exponential spreading and deployment of emerging digital technologies such as the Internet of Things (IoT) has been remarkable: the IoT market is expected to triple, at least, from USD 170.57 billion ... [more ▼]

The exponential spreading and deployment of emerging digital technologies such as the Internet of Things (IoT) has been remarkable: the IoT market is expected to triple, at least, from USD 170.57 billion in 2017 to USD 561.04 billion by 2022. IoT technologies collect, generate and communicate a huge amount of different data and metadata, through an increasing number of interconnected devices and sensors. Current EU legislation on data protection classifies data into personal and non-personal. The paper aims at charting the resulting entanglements from an interdisciplinary perspective. The legal analysis, integrated with a technical perspective, will address firstly the content of IoT communications, i.e. “data”, and the underlying distinction between personal and non-personal. Secondly, the focus will shift on the metadata related to communications. Through a technical analysis of the highly sensitive nature of metadata, even when the content is encrypted, I will argue that metadata are likely to undermine even more the ontological and sharp division between personal and non-personal data upon which the European legal frameworks for privacy and data protection have been built. The incoming ePrivacy Regulation shall provide metadata, which should be considered always personal data, the same level of protection of “content” data. This interpretation might broaden the scope of application of GDPR and the connected obligations and responsibilities of data controllers and data processors too much. [less ▲]

Detailed reference viewed: 50 (4 UL)
Full Text
Peer Reviewed
See detailSecurity and Privacy in Resource-Constrained Devices
Chiara, Pier Giorgio UL

in CEUR Workshop Proceedings (2020), 2598

Recent adversarial attacks have been shown IoT devices weaknesses due to their limited computing power. Given also their ubiquitous presence, lower costs and limitations in keeping security measures up ... [more ▼]

Recent adversarial attacks have been shown IoT devices weaknesses due to their limited computing power. Given also their ubiquitous presence, lower costs and limitations in keeping security measures up-todate, resource-constrained devices represent a growing risk for the security of IT infrastructure. The scope of the research is to investigate the weaknesses of resource-constrained IoT devices. The methodology for the investigation is the legal analysis of existing legal frameworks regulating IoT cybersecurity and data security; afterwards it will be carried out a critical evaluation of the existing best practices. This critical analysis should face the twofold challenge of increasing transparency and trust in resource-constrained systems. Users and companies are two faces of the same coin: accountability of data collectors and user awareness are crucial in the security and data protection debate. Thus, a comprehensive overview of the relevant legal frameworks and guidelines would increase the understanding of risks of the users, whilst data controllers (especially of small and medium enterprises) may have an instrument to implement properly security measures. [less ▲]

Detailed reference viewed: 152 (5 UL)