Only 12% of European web users feel completely safe making online transactions.

Trust and security

Europeans will not embrace technology they do not trust - the digital age is neither "big brother" nor "cyber wild west".

Users must be safe and secure when they connect online. Just like in the physical world, cybercrime cannot be tolerated. Besides, some of the most innovative and advanced online services – such as eBanking or eHealth - would simply not exist if new technologies were not fully reliable. So far, the internet has proved remarkably secure, resilient and stable, but IT networks and end users’ terminals remain vulnerable to a wide range of evolving threats: in recent years, spam emails have grown to the point of heavily congesting e-mail traffic on the internet - various estimates suggest between 80 % to 98 % of all circulating emails - and they spread a wide range of virus and malicious software. There is a growing scourge of identity theft and online fraud. Attacks are becoming increasingly sophisticated (trojans, botnets, etc.) and often motivated by financial purposes. They can also be politically motivated as shown by the recent cyber-attacks that targeted Estonia, Lithuania and Georgia.

Addressing those threats and strengthening security in the digital society is a shared responsibility – of individuals as much as of private and public bodies, both at home and globally. For instance, to tackle sexual exploitation and child pornography, alert platforms can be put in place at national and EU levels, alongside measures to remove and prevent viewing of harmful content. Educational activities and awareness raising campaigns for the wider public are also essential: the EU and Member States can step up their efforts, e.g. through the Safer Internet Programme, providing information and education to children and families on online safety, as well as analysing the impact on children of using digital technologies. Industries should also be encouraged to further develop and implement self-regulatory schemes, in particular as regards protection of minors using their services.

The right to privacy and to the protection of personal data are fundamental rights in the EU which must be – also online - effectively enforced using the widest range of means: from the wide application of the principle of "Privacy by Design" in the relevant ICT technologies, to dissuasive sanctions wherever necessary. The EU’s revised framework for electronic communications clarifies the responsibilities of network operators and service providers, including their obligation to notify breaches of personal data security. The recently launched review of the general data protection framework will include a possible extension of the obligation to notify data security breaches. The implementation of the ban on spam will be reinforced using the Consumer Protection Cooperation (CPC) network.

An effective and rapid implementation of the EU action plan for the protection of critical information infrastructure and of the Stockholm Programme will trigger a wide range of measures in the field of network and information security and the fight against cybercrime. For instance, to react in real-time conditions, a well functioning and wider network of Computer Emergency Response Teams (CERTs) should be established in Europe, including for European institutions. Cooperation between CERTs and law enforcement agencies is essential and a system of contact points should be promoted to help prevent cybercrime and respond to emergencies, such as cyber attacks. Europe also needs a strategy on identity management, notably for secure and effective eGovernment services.

Finally, cooperation of relevant actors needs to be organised at global level to be effectively able to fight and mitigate security threats. This can be channelled as part of discussions on Internet Governance. At a more operational level, internationally coordinated information security targeted actions should be pursued, and joint action should be taken to fight computer crime, with the support of a renewed European Network and Information Security Agency (ENISA).