Diverse interests in cybersecurity field
Cybersecurity is not just a technical issue. It is also important to safeguard different interests and to comply with existing laws and regulations, for instance on personal data. “Just because something is technically possible does not mean it is legal,” notes Sandra Friberg, Docent in Civil Law at Uppsala University.
As a law researcher, she often participates in a foundation course on cybersecurity alongside data management courses. She is interested in the concept of cybersecurity from several different perspectives.
“How we secure our IT systems is primarily a technical issue. At the same time, it’s important to comply with existing regulations, such as ensuring that documents are publicly available or that personal data is stored securely so that all rules in this area are complied with,” says Sandra Friberg.
“We therefore need to work with IT experts on the legal framework with which they must comply. It doesn't matter how noble the purpose is – we still need to fulfil the legal requirements for public authorities as well as businesses.”
Surveillance in society
Cybersecurity also involves different types of surveillance in society. How far can camera surveillance and the collection of personal data go in terms of privacy?
“This includes the way in which the data is analysed and stored. For example, can you fly drones and map energy installations using IT systems? Another form of cybersecurity is ensuring that individuals are able to use the internet without being monitored by organisations or companies and risking exposure to crimes such as identity theft.”
Which of these areas is most important to examine from a legal perspective?
“All of them are equally important. We need to work on all fronts simultaneously to ensure we don't paint ourselves into a corner. Then we would risk losing in one area what we gain in another.”
Friberg also emphasises that Sweden needs to take the international legal situation into account. Cybersecurity is highlighted in many places in EU law, including its new Artificial Intelligence Act, and there is a whole 'package' of cybersecurity legislation.
“The challenge is to keep up with international developments in cybersecurity without compromising fundamental human rights. For that reason, broad collaboration between technical experts, lawyers and other social scientists is needed,” notes Friberg.
“As lawyers, we want to raise awareness of what needs to be regulated to protect human rights. Just because something is technically possible does not mean it is legal. It’s very much a balancing act, with diverse interests that need to be protected at the same time. What is legal and appropriate?”