6

Many of today's security concerns originate from instability in the European Union's immediate neighbourhood and changing forms of radicalisation, violence and terrorism. Threats are becoming more varied and more international, as well as increasingly cross-border and cross-sectorial in nature. What are the priorities of the European Agenda on Security for the next five years?

Security is one of the biggest concerns for Europeans. The threats we face are constantly evolving, and are becoming increasingly cross-border and multi-faceted in nature. Our response needs to be equally comprehensive and dynamic.

While security is a national competence, the EU provides real added value for Member States. Our work at the European level is based on three main pillars - countering terrorism and the radicalisation which lies at its root, fighting serious and organised crime, and strengthening cybersecurity. These issues are not going to disappear any time soon and our work towards an effective and genuine Security Union will need to be built upon in the future.

And so we will continue to focus on our priorities over the next few years. We are fighting terrorism by closing down the space in which terrorists operate by making it harder for them to travel, to finance themselves and to acquire weapons and explosives. We are protecting our public spaces from terror attacks. We are fighting the root cause of terrorism by preventing the radicalisation of our young people. We are improving how we collect and share information to support national authorities in countering terrorism and serious crime.

And we are increasing preparedness and strengthening resilience in the face of cyber and hybrid threats, including malicious interference in our elections and the Chemical, Biological, Radiological and Nuclear (CBRN) threat.

On 25 May, the EU Passenger Name Record (PNR) Directive came into force, a key piece of EU security legislation to better identify travelling terrorists and criminals and trace criminal networks. How will these rules reflect improvements in practice?

The EU PNR Directive is an essential instrument to strengthen the EU's common response to terrorism and serious crime. It enables Member State authorities to identify suspicious travel patterns and potential criminals and terrorists. It fills an important information gap, allowing us to better monitor who is crossing our borders and whether they pose a potential security threat to our citizens. It is an important tool for preventing, detecting and investigating offenses such as drugs and human trafficking and child sexual exploitation. There is no other tool which enables law enforcement authorities to identify 'unknown suspects' in the same way as the analysis of PNR data. We recognise that implementing the PNR Directive is not an easy task - it requires legislative work and the significant investment of time and resources. So, in order for the Directive to deliver maximum benefit through its full implementation, we will continue to provide the necessary support to those Member States who have not yet done so, including Slovenia. Security is not something Member States can face alone. We are all in it together and we can succeed only if we work together too.

With regard to the United Kingdom's withdrawal from the EU, how do you see post-Brexit security cooperation with the EU?

Both the UK and the EU have made it clear that security cooperation should continue after Brexit. But just because something is desirable does not mean it will be straightforward. When the UK leaves the EU, security cooperation will not cease. But with the UK as a third country, the cooperation will need to be on a different basis. I believe that ensuring cooperation on security issues is in our mutual shared self-interest. The challenge for the work on both sides over the coming months is to find a way of delivering that in a mutually beneficial and workable way.

The EU and the world continued to face multiple evolving cyber-threats. It is estimated that every day, more than five million data records are lost or stolen and more than 4,000 ransomware attacks are launched. What are the main highlights of the General Data Protection Regulation (GDPR) that are effectively dealing with cybersecurity challenges?

The cyber threat facing us is multi-faceted and cross-border, and we need to work together at the European level to counter it - cyber-criminals do not care what country their victims are in. GDPR will help to strengthen this cooperation. It enhances data and cybersecurity at a fundamental level, preventing data breaches before they occur - whether it's through hacking, phishing or malware attacks. It does this by imposing greater accountability on any entity - a company or a person, say - which processes data to ensure the security of that data.

They need to consider the likelihood and severity of the risk of a breach and where appropriate, take action such as the 'pseudonymisation' and encryption of data. There are also strengthened reporting requirements in the event of a cyber attack related data breach, including in the framework of the Directive on the security of network and information systems (the NIS Directive). In addition, GDPR provides for clear remedies for the owners of data, including the right to compensation, in the event of a breach. Equally important, GDPR establishes the principle of data protection by design and by default, meaning that the security of data needs to be taken into account during the whole process.

The new rules also reinforce the role of the national data protection authorities; the enforcers of the EU data protection rules. It enables better cross-border cooperation and harmonises their enforcement powers. Beyond GDPR, our work to strengthen cybersecurity includes a package of measures brought forward last September designed to build our cyber resilience, to reinforce our cyber deterrence and to support Member States in cyber defence. It included a proposal for a Cybersecurity Act which will see the mandate of the existing EU Network and Information Security Agency (ENISA) strengthened to transform it into a genuine Cybersecurity Agency, as well as the creation of a certification framework to ensure that products and services meet the highest standards of cybersecurity. Plans for the Act are well advanced and the Commission is working with the European Parliament and Council with the aim of reaching an agreement by the end of the year.

In addition, in April we published proposals to combat the growing threat posed by disinformation and Fake News online, including through a Code of Practice on Disinformation for internet platforms, support for an independent network of fact-checkers, and a series of actions to stimulate quality journalism and promote media literacy.

What can you share from your recent visit of the Middle East where you were discussing issues related to cybersecurity and counter-terrorism?

Security is a global issue and requires international cooperation, both within the EU and beyond its borders. We work closely together with our partners in the Middle East and on my recent visit to the region I met with Israeli and Palestinian security and government representatives to discuss these issues.