The European Union’s Court of Justice decision prompts a look at how the privacy and cyber risk landscape has progressed outside of the United States. Cyber incidents in Europe began to spike in 2009 and rose gradually over the next five years, although laws in Europe have less of an emphasis on notification following corporate data breaches and more of a focus on personal control over data held by governments.
When cyber-related losses occur in Europe, more than half (59 percent) affect personal privacy, according to Advisen data. Personal financial identity ranked second, at 20 percent, although this may be attributed to the fact that fewer data breaches involving consumer payment cards are regularly announced for European organizations. Personal privacy includes the loss, exposure, or misuse of an individual’s name and address, driver’s license, email, birthdate, gender, vehicle registration information, photo, fingerprints, credit history, or medical records.
In terms of the reasons for privacy losses in European countries, the sources of loss range fairly evenly between printed records, websites, email, and lost laptops. Exposure or loss of privacy via servers and “other” causes comprise the top two causes of loss, according to Advisen data, as 25 percent and 19 percent, respectively. The recent Safe Harbor decision may add to the “server” category, since at issue in the case have been U.S. companies transferring data from the EU to U.S. servers for processing. Privacy advocates in Europe have voiced concerns that European data may be accessed by the U.S. government, with no recourse for EU citizens.