New 5G Cybersecurity Law

New 5G Cybersecurity Law

The so-called “5G Cybersecurity Law” was approved according to Royal Decree-Law 7/2022 of March 29, on requirements to guarantee the security of fifth generation electronic communications networks and services.

What is 5G?

5G is the fifth generation of mobile and wireless network technology. In other words, it is not a new term, but refers to the evolution of the technology that immediately preceded it, 4G.

Beneficial aspects of 5G

  • Faster data transmission speeds
  • Less time delays in the network (latency)
  • Increased capacity to have a greater number of connected devices
  • Greater reliability in its use
  • It will be used for the Internet of Things (IoT)
  • Flexibility in the use of networks

Improvements in safety systems

With the advent of 5G, security measures in mobile networks have been enhanced at these points:

  1. Data integrity and confidentiality protection
  2. Establishment of an improved authentication system, as well as fraud control.
  3. Structure of permanent user identifiers
  4. Encryption of communications
  5. Network auditing processes through traceability options to improve the recording of network operations.

References to data protection in the 5G Cybersecurity Act.

In the Explanatory Memorandum of the law, it is important to highlight, in general terms, the impact of the content of this law in relation to the protection of personal data, since 5G networks and services have great advantages in terms of security over previous generations, but also present risks due to the large amount of information that will be handled and the simultaneous interaction that may take place between multiple people and things.

All this can have a negative impact on personal data as they may be exposed to security incidents, and it is for this reason that the security measures to be applied must be sufficiently robust and effective to generate the least possible impact on the rights and freedoms of citizens.

Thus, the text of the Law specifically refers to this need for enhanced security in relation to data protection, in Article 14. 3 e) and f), regarding medium and high risk 5G providers, where it is stated that when analyzing strategic measures and exposure to external interference, the following should be taken into account:

  1. The cooperation agreements on security, cybersecurity, cybercrime or data protection signed with the third country in question, as well as the international treaties on these matters to which said State is a party.
  2. The degree of compliance of the third country’s regulations on personal data protection with the LOPDGDD and the RGPD.

Therefore, the framework of application of this Law must respect and apply the specific rules of personal data protection in force in the Spanish legal system, such as the LOPDGDD and the RGPD.

Is our privacy at risk with this new generation of technology?

The answer will have to wait until 5G technology prevails worldwide and is massively used by all of us. However, the AEPD has already ruled on the matter, drawing attention to the following aspects:

Geolocation:

The 5G is a more advanced and accurate technology in its results, so in the case of geolocation, the margin of error becomes smaller, being possible to locate a person anywhere in the world through their mobile devices with greater accuracy.

Multiple treatment managers:

As there are different figures in this new law, such as network providers, network operators, corporate users, together with manufacturers, we are faced with a multitude of people who can treat our personal data, having to clearly delimit the responsibilities that correspond to each one.

Creation of individualized profiles:

Derived from the amount of data that will be available through the network, coupled with the different devices that each person connects to the network, so that automated profiles of users can be created and influence their decisions, through artificial intelligence, for example.

Homogeneity in privacy protection

Homogeneity in the protection of users’ privacy by the different network managers, as well as in security measures.

Increased exposure to cyber-attacks

Increased exposure to cyber-attacks, so security measures must be strengthened.

Reduced user control over their data

Reduced user control over their data, if the necessary measures are not implemented to mitigate this risk.

Business Adapter® at your service

If your company is planning to use 5G technology and you have doubts about how to apply it in relation to data protection obligations, contact your consultant for documentation and instructions.

If you are not yet a client and you want us to help you comply with the European and Spanish data protection regulations(RGPD + LOPD) to which any company or professional and in this case also individuals are obliged, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:

[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]

Contact us, we will be pleased to help you.
error: Content is protected !!