EU Ministers’ cybersecurity deal leaves consumers vulnerable

PRESS STATEMENT - 08.06.2018

EU telecommunication ministers reached a common position today on a certification scheme for connected products and services as well as new measures to bolster the Union’s cybersecurity agency. The plans fall short of making connected products more secure for consumers: manufacturers will not have to adhere to minimum cybersecurity requirements such as security updates or encryption of things like their smart watches or connected cars.

 

BEUC member organisations – national consumer groups – have in recent months revealed safety, security and privacy risks in connected consumer products, especially smart toys and smart homes.1 Connected toys could easily be hacked allowing strangers to talk to a child for example. Smart home appliances (such as thermostats used for heating and door locks) can damage a family’s safety, security and economic situation.

The EU’s plans for a certification scheme which is only voluntary will not help improve the security features of connected products.

The proposal’s final shape will depend on negotiations between Member States and the European Parliament. The latter will vote later this month to set its own position.

Monique Goyens, Director General of BEUC, commented:

“This is a missed opportunity. Without mandatory security requirements, producers can still sell connected products which lack basic security standards.

“Connected products are invading consumers’ lives and houses. When toys, toothbrushes and toasters can connect to the internet, basic security features such as password protection and encryption must be the norm. Too often this is not the case, which puts consumers, and especially children, at risk.2

“Member States and the European Parliament need to oblige manufacturers to have products that are cybersecure by design and by default when put on our markets.”

 

END

 

1 BEUC member organisations who tested connected products include (UK), (BE), (DE), (NO) and (ES).

2 86% of consumers – according to a survey from 2017 – believe that there is a risk of being victim of a cybercrime.