Security,
protection and
trust

Digitization and the increasing level of integration are putting greater demands on both cybersecurity and data protection. To be able to develop and expand effective safety levels in the digital space, critical factors include sustainable cooperation, structured transparency and mutual trust between civil society, business, science and authorities. To achieve this, structures and frameworks must be put in place that provide protection in cyberspace at all levels. Protection from and prosecution of criminal activities is just one aspect of this. The reliability and robustness of the critical infrastructures of a state along with privacy and aspects of consumer law are also central issues here.

Cybersecurity

To increase cybersecurity, appropriate structures have been established in recent years with the numerous CERTs (Computer Emergency Response Teams, the “Internet’s fire brigade”), operational coordination in cybersecurity, cybercrime and cyberdefence cases, cyber crisis management and the cybersecurity platform. Authorities, business and research are now working together to develop the established processes. These need to be incorporated into international and European activities since cybersecurity incidents cut across national boundaries. To be able to ensure security in cyberspace, an appropriate legal framework is required and is due to be put in place in 2017 with the cybersecurity law.

Furthermore, cybersecurity enhances the ability to combat disturbances in and from cyberspace and to mitigate the associated consequences. To achieve this comprehensively, citizens and businesses must be informed of the risks and necessary precautions and their awareness of these raised. Only with appropriate awareness-raising measures in place to minimize risk can shared cyberspace be adequately covered. In small and medium-sized companies in particular, it is important to increase awareness of the cybersecurity issue.

Measures

  • Implement and continue to develop the Austrian Cybersecurity Strategy (ÖSCS) with a comprehensive approach involving the government, business, science and society
  • Draft a modern Internet and information security law (cybersecurity law): notification obligations for operators of essential services, CSIRTs, definition of international cooperation and also national and international contact points
  • Establish strategic and operational NIS authorities for the national coordination of incidents
  • Draw up a cybersecurity agenda for the coming years to outline all key cybersecurity themes in Austria within the cybersecurity platform
  • Actively conduct cybersecurity PR work by funding awareness-raising programmes aimed at specific target groups (e.g. teachers, parents, senior citizens, children and young people and also businesses), such as saferinternet.at and onlinesicherheit.gv.at
  • Intensify and expand cybertraining as part of basic military service in the armed forces
  • Create appropriate management structures in cyberdefence and continue to develop cyberdefence capabilities; set up a cyberdefence situation centre, cybertraining centres and cyberdocumentation research centres
  • Continue to expand the competences of the cybersecurity centre (CS): establish a national cyber situation centre
  • Develop and intensify cyber investigator training at all police levels
  • Establish an Austrian cybersecurity cluster with cybersecurity providers to consolidate the relevant skills and activities in order to position Austria as a location for cybersecurity providers

Data protection

Austria has many years of experience in data protection. Privacy protection is in the interests of every individual and must also be guaranteed by government action. Data ownership of consumers on the digital markets must be ensured and their trust in digital products and services must be increased. The primary objective is modern, simple and clear data protection at a high level, which at the same time safeguards the opportunities offered by digitization and new technologies and embraces the digital single market.

Measures

  • Implement the General Data Protection Regulation at national level by continuing to maximize data protection and at the same time opening up the opportunities offered by new digital technologies
  • Capitalize on the high level of data protection in Austria as a locational advantage
  • Ensure that Austria plays an active role in European and international discussions on data protection and international regulations
  • Promote data centres and providers of cloud services that are solely located in the EU or EEA to ensure a high level of data protection and prevent data from being transmitted to or from third countries
  • Incorporate data protection awareness and security expertise into digital education (see Education section)
  • Set up information initiatives on data protection and teach media literacy and key legal skills in private and vocational training and for businesses
  • Develop, evaluate and promote (IT) concepts on ‘privacy by design’ and ‘privacy by default’ (protecting data through technology and the default settings in data protection law), taking the interests of users into consideration

Consumer protection

In the digital world, consumer protection fulfils an important role in informing, assisting and supporting consumers and in transparently communicating which data is used and stored for which purpose. Strengthening the ownership of consumers and their trust in digital products and services also provides economic impetus.

Measures

  • Increase transparency and introduce clear rules for commercial decisions based on consumer profiles and algorithms, such as assessment of (the creditworthiness of) individuals or individual pricing in online retail, with due regard to the business and trade secrets of the companies involved
  • Ensure easy and low-cost access to advice and help for consumers in law enforcement matters, in particular with respect to cross-border online retail
  • Strengthen online retail by increasing consumer trust through preventing, raising awareness of and combating “online pitfalls”