On November 25th M-Sec partners held a Webinar on the regulatory challenges of implementing M-Sec in a modern smart city context. Want to know more?
On the 25th of November, at 9am CET (Brussels Time), M-Sec partners held a Webinar entitled “GDPR & APPI: Regulatory challenges in modern smart cities”, with the main goal of presenting the current status of EUâ€™s GDPR and Japanâ€™s APPI Regulation, why are they needed in a smart city context and how the M-Sec solution is trying to comply with that regulation and at the same time secure and protect the data that is exchanged between the millions of users of IoT devices/applications.
At a time when people and IoT devices/applications are more connected than ever across the world, there is an increasing need to protect the information and data that is exchanged, namely personal information from individual users of those devices and applications. And, thus, the need for personal information protection laws. This was done in Europe and also in Japan, through the GDPR, a law for protecting personal information in Europe that came into force on 2018, and APPI, a law for protecting personal information in Japan that came into force on 2003, and was amended in 2020. However, although the EU and Japan have recognized both regulations, there are still some gaps and rules which are not equivalent.
But why are both these personal data protection regulations a challenge for the M-Sec project? With the main goal of securing all layers of IoT devices/applications used in a smart city context, which can be subject to cyber-attacks, the M-Sec technological solution deals with a lot of data flow and with all kinds of data – personal, pseudonymous and anonymous data, and needs to came up with a solution to anonimize all that data that is exchanged between people and IoT devices/applications, so that they are less subject to cyber-attacks. This is why the project has came up with a GDPR & APPI strategy in which, whenever possible, the data is anonimized. Moreover, the M-Sec researchers are also testing a blockchain-based platform which will be part of the M-Sec solution that will have an auditing service, able to put any IoT device/application associated to the platform in quarantine when attacked, also alerting end-users who have been collecting data from those IoT devices/applications.
In the end, a small on-site questionnaire was launched to all participants, to test their newly-acquired knowledge on personal data protection regulation and the feedback could not have been greater!
Whether you did not have the chance to watch the Webinar or you enjoyed it so much that you want to go for it a second time, here is the recording of the event: