Estonia utilised its presidency of the European Union in 2017 to push for increased cyber norms and regulation; for the benefit of security and services, the UK would be well served to follow its example.
Estonia took over the presidency of the council of the European Union in 2017, a little earlier than expected, due to the Brexit vote. One of the four priorities identified during the Estonian presidency was the push for a digital Europe and the free movement of data.
Estonia has made its mark within the European Union and wider world for perceived excellence in the cyber realm, with its established and comprehensive e-governance system which has received international recognition, as well as the location of the NATO co-operative centre for cyber excellence being located in Tallinn, in itself recognition of Estonian excellence in this field.
Numerous cases for the digital single market
There are numerous cases for the digital single market. The ease of doing business across borders is one benefit, while the most notable and popular accomplishment might be the abolishment of roaming charges for mobile device uses, meaning users can use their mobile devices outside their home country across Europe without receiving additional, and often expensive charges, as was the norm previously. Another strong argument for the digital single market is security, and Estonia has been at the forefront of shaping some of security norms the digital market seeks to bring about.
It is worth acknowledging that it is impossible to completely secure cyberspace, but there are ways in which we can mitigate some of the risks involved. The most notable is through close co-operation and data sharing. We are more secure when we co-operate with others, and also we must also recognise that data is not fully sovereign; it inevitably crosses national borders, and thus the security response to these challenges must be multinational.
While our everyday lives become more reliant upon digital services, we too become reliant upon the security of these services. Over one fifth of all products or services purchased in Europe crosses a border. Through sharing processes, regulating our approaches and close collaboration, the digital single market has sought to address key cyber concerns of citizens and governments alike.
The Estonian approach to the digital age might be characterised through both transparency and accountability, something which is clearly sought to implement during its council presidency. Estonia was also hardened by the 2007 experience of hacking on a grand scale, which inconvenienced citizens through DDOS (direct denial of service) attacks on public services.
The key challenge going forward for Estonia and wider Europe is how to balance concerns of privacy and liberty with security concerns. Enhancing security practices and data sharing among member states, while remaining mindful of the concerns of data protection, are a vital challenge to our governments, as they are key concerns to ordinary citizens.
The UK can learn from the Estonian approach to cyber security and norms
Co-operation in the digital single market enhances the ability to regulate private companies and services, something which has clear value in light of the Facebook/Cambridge Analytica revelations. A small nation such as Estonia alone would have very little hope of influencing or regulating a powerful, global company such as Facebook, but cooperation in the digital single market increases influence and capability.
Estonia has played a leading role in crafting the digital single market that will run in line with the implementation of the GDPR (General Data Protection Regulation), which introduces norms to make trade and the free movement of data easier, as well as protect citizens from companies exploiting their data by introducing regulation and penalties for companies and services which abuse this data.
While the UK is a much larger nation than Estonia, it can learn much from the Estonian approach to cyber security and norms. It is disappointing that Theresa May’s government has decided it will leave the digital single market post Brexit. Indeed, the UK must seek parity with the standards of the digital market and GDPR, and businesses will need to comply with them if they want to continue to provide digital goods and services seamlessly across Europe. Yet crucially, through leaving the digital single market, they are excluded from the shaping what compliance will look like, as well as the sharing and influencing the best practices in protecting citizens cyber security.
Estonia is at the forefront of forging what these laws and values will be. International co-operation in cyber security is crucial, and Estonia is leading the way. The UK may need to rethink.
The opinions in this article are those of the author. The cover image is illustrative.