IT-Sicherheit für Verbraucher stärken (DS2019)

Wie ist der Stand der IT-Sicherheit bei Verbraucherprodukten? Wie könnten europaweit verbindliche Vorgaben zur IT-Sicherheit gemacht werden? Wie lässt sich die IT-Sicherheit eines Produkts transparenter machen? Informatikerin Anja Hirschel und der Europaabgeordnete Patrick Breyer schlagen ein Bewertungssystem zur IT-Sicherheit von Produkten vor und haben einen entsprechenden Antrag eingereicht. Wie nützlich wäre eine „IT-Sicherheitsampel“ (ähnlich Ernährungsampel) oder bestimmte Icons, die klar zeigen, ob ein Produkt aktualisierbar ist, verschlüsseln kann usw.? Einreichungstext des Forschungsprojektes: When buying goods with embedded digital technology, like smart products (e.g. connected cars, mobile phones, 'Smart TVs' or any other ‘smart’ products that make up the Internet of Things), which IT security features are to be subject to the contract? The answer should be clear for the consumer. With the Internet of things, 'smart' devices start affecting the world in a direct and physical manner (e.g. car technology). IT devices that are insecure and vulnerable to integrity and availability threats increasingly risk our lives and property. Consumers will get more and more familiar with the digital world, and in particular with 'smart' goods. Such growing digital literacy will favour the demand for easy access to more detailed information about smart goods and about how to facilitate their use. The Pilot Project will aim to make the new 'Digital Contract' rules easily readable for consumers thanks to the development of an IT security rating system for smart goods. This IT rating system could for instance consist in 'traffic lights' or icons that would show whether a device will be automatically updated, whether encryption will be applied to stored data, or other security features. This information will trigger the consumer's rights and the manufacturer's liability. According to the Digital Content Directive, suppliers of digital goods and services will have to provide updates to smart goods, which is not just important to make them function longer, but also to increase cybersecurity. The Directive provides for objective requirements for the conformity of the goods and services, including performance features such as those related to security, which the consumer may reasonably expect. Thanks to the rating system in 'smart' goods, consumers will for instance know whether such updates happen automatically. In order to foster EU innovation in the highly competitive field of the Internet of Things (IoT), the European industry needs to attract EU consumers with consumer friendly features in the development of their products. The legal protection of consumers, and the legal certainty about such protection, are key in developing future markets and make the EU compete worldwide, while keeping high level EU standards of consumer protection. Defining a common set of standard rules to rate smart goods and their contractual mechanisms could be an asset for European SMEs wishing to make their products consumer friendly. This can also support the EU-level development of 'legal design' tools on contract rules to be further developed by industry players in the field of IoT products, in partnership with lawyers and data protection experts. JUSTIFICATION: The European legislator has endeavoured to bring clear legal solutions for consumers, especially when buying 'smart goods', with a Directive on Contracts for the Supply of Digital Content and Digital Services, and with a Directive on the Sale of Goods, both adopted in 2019. However, practical solutions are needed to make sure that consumers can identify and compare the IT security features of 'smart goods' and exercise their contractual rights in this respect. about this event: https://datenspuren.de/2019/fahrplan/events/10437.html