"In the public interest": The privacy implications of international business-to-business sharing of cyber-threat intelligence. Issue 1 (February 2017)
- Record Type:
- Journal Article
- Title:
- "In the public interest": The privacy implications of international business-to-business sharing of cyber-threat intelligence. Issue 1 (February 2017)
- Main Title:
- "In the public interest": The privacy implications of international business-to-business sharing of cyber-threat intelligence
- Authors:
- Sullivan, Clare
Burger, Eric
- Abstract:
- This article reports on preliminary findings and recommendations of a cross-discipline project to accelerate international business-to-business automated sharing of cyber-threat intelligence, particularly IP addresses. The article outlines the project and its objectives and the importance of determining whether IP addresses can be lawfully shared as cyber threat intelligence. The goal of the project is to enhance cyber-threat intelligence sharing throughout the cyber ecosystem.
The findings and recommendations from this project enable businesses to navigate the international legal environment and develop their policy and procedures to enable timely, effective and legal sharing of cyber-threat information. The project is the first of its kind in the world. It is unique in both focus and scope. Unlike the cyber-threat information sharing reviews and initiatives being developed at country and regional levels, the focus of this project and this article is on business-to-business sharing. The scope of this project in terms of the 34 jurisdictions reviewed as to their data protection requirements is more comprehensive than any similar study to date. This article focuses on the sharing of IP addresses as cyber threat intelligence in the context of the new European Union (EU) data protection initiatives agreed in December 2015 and formally adopted by the European Council and Parliament in April 2016. The new EU General Data Protection Regulation (GDPR) applies to EU member countries, a major focus of the international cyber threat sharing project. The research also reveals that EU data protection requirements, particularly the currently applicable law of the Data Protection Directive 95/46/EC (1995 Directive) (the rules of which the GDPR will replace in practice in 2018), generally form the basis of current data protection requirements in countries outside Europe. It is expected that this influence will continue and that the GDPR will shape the development of data protection internationally. In this article, the authors examine whether static and dynamic IP addresses are "personal data" as defined in the GDPR and its predecessor the 1995 Directive that is currently the model for data protection in many jurisdictions outside Europe. 
The authors then consider whether sharing of that data by a business without the consent of the data subject, can be justified in the public interest so as to override individual rights under Articles 7 and 8(1) of the Charter of Fundamental Rights of the European Union, which underpin EU data protection. The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives. The article concludes by summarizing the project findings to date, and how they inform international sharing of cyber-threat intelligence within the private sector.
- Is Part Of:
- Computer law & security review. Volume 33:Issue 1(2017)
- Journal:
- Computer law & security review
- Issue:
- Volume 33:Issue 1(2017)
- Issue Display:
- Volume 33, Issue 1 (2017)
- Year:
- 2017
- Volume:
- 33
- Issue:
- 1
- Issue Sort Value:
- 2017-0033-0001-0000
- Page Start:
- 14
- Page End:
- 29
- Publication Date:
- 2017-02
- Subjects:
- Privacy -- Cyber-threat -- Intelligence -- Business-to-business sharing -- Data collection -- Disclosure -- Privacy and public interest
Computers -- Law and legislation -- Periodicals
Computer security -- Law and legislation -- Periodicals
Electronic commerce -- Law and legislation -- Periodicals
Data protection -- Law and legislation -- Periodicals
Computer security -- Law and legislation
Computers -- Law and legislation
Data protection -- Law and legislation
Electronic commerce -- Law and legislation
Periodicals
343.0999
- Journal URLs:
- http://www.elsevier.com/journals
- DOI:
- 10.1016/j.clsr.2016.11.015
- Languages:
- English
- ISSNs:
- 2212-473X
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 383.xml