Monday, 28 January 2013

EU lawmaking - flowcharts - "ordinary legislative procedure"

The UK Information Commissioner's Office has produced an excellent explanation and chronological table of the procedure in the European Union for passing (or not) the proposed data protection law reforms. (The same procedure is used for most other proposed EU laws too.)

The detail-inclined can read more about the so-called ordinary legislative procedure (used to be called "codecision procedure"):

For the visually-inclined, here are some flowchart graphics (or infographics, to be trendier!):


Diagram above (from the above codecision report) contains Parliamentary information licensed under the Open Parliament Licence v1.0


Diagram above (from the Word version of "How the European Union Works") as per the Europa site's copyright notice


And flow chart from another Europa webpage, as per the Europa site's copyright notice

Bottom line - judging by the volume of European Parliament amendments proposed so far, there's a long way to go yet…

Monday, 21 January 2013

Cloud security - more ENISA reports

ENISA's further cloud security reports may have been missed by some, being published on their site around Christmas time without any press releases or announcements that I could find. Links to those reports are below.
Also, ENISA wants to create a single working group of experts "to initiate discussions and studies, and to validate analyses and recommendation related to cloud security and resilience". The kick-off meeting of the expert group is planned for end February 2013. You can sign up to this group by emailing marnix.dekker (at) .
  1. Cloud computing - Benefits, risks and recommendations for information security, Rev.B – December 2012 (revised by Thomas Haeberlen & Lionel Dupré; original authors  of 2009 version Daniele Catteddu & Giles Hogben): an update of their very popular 2009 paper on cloud risk assessment.
    Summary, full PDF, issue tracker.
  2. Critical Cloud Computing - A CIIP perspective on cloud computing services, Version 1.0, December 2012, by Dr. M.A.C. Dekker: cloud computing and critical services – cloud dependencies and failures - an overview of some key threats from a CIIP perspective with some specific recommendations.
    Summary, full PDF, issue tracker.
Another late Dec ENISA publication which may have escaped wide attention is National Cyber Security Strategies  - Practical Guide on Development and Execution - for policymakers, a "set of concrete actions, which if implemented will lead to a coherent and holistic national cyber-security strategy. It also proposes a national cyber-security strategy lifecycle, with a special emphasis on the development and execution phase. For each component of the strategy a list of possible and indicative Key performance indicators (KPIs) will be described."

Wednesday, 9 January 2013

EU data protection law reforms - LIBE views

Two draft reports by the European Parliament's Civil Liberties, Justice and Home Affairs Committee (LIBE), regarding the Jan 2012 proposals to modernise EU data protection laws, were presented yesterday 8 Jan 2013 -

  1. Draft LIBE report on proposed Data Protection Regulation, rapporteur Jan-Philipp Albrecht
  2. Draft LIBE report on proposed Data Protection Directive (for the law enforcement sector), rapporteur Dimitrios Droutsas

Some experts, who clearly read and write very much faster than me, have already published their analyses of these reports. So over to them (and their titles clearly reflect their views!):

Winston Maxwell, Hogan Lovells: European Parliament Committee Releases Proposed Amendments to Data Protection Regulation. The concise bullet-pointed version.

Chris Pounder, Amberhawk: European Parliament mauls the Data Protection Regulation; enhanced protection for data subjects and fettering of Commission’s powers. Draft law as a tiny creature? But seriously - always thoughtful and a good read.

Eduardo Ustaran, Field Fisher Waterhouse: European Parliament’s take on the Regulation: Stricter, thicker and tougher. The draft law as chewy asparagus, perhaps?