Centro de Documentação da PJ
Analítico de Periódico
CD 357
Botnet defense under EU data protection law [Recurso eletrónico] / Piotr Rataj
Computer Law & Security Review, Vol. 56 (April 2025), 14 p.
Ficheiro de 882 KB em formato PDF.
PROGRAMA MALICIOSO, SEGURANÇA DE DADOS, PROCESSAMENTO DE DADOS, DADOS PESSOAIS, PROTECÇÃO DOS DADOS, DIRECTIVA COMUNITÁRIA
We analyse the legal framework spanned by EU data protection law with respect to the defence against botnet related threats. In particular, we examine what legal constraints the General Data Protection Regulation (GDPR) (and others) impose on the processing of personal data when that processing aims at detecting botnet-related traffic. We thereby put data protection rules into perspective with current trends in European IT security regulation, specifically Directive 2022/2555/EU (NIS 2 Directive). We find that the resulting legal landscape is complex and has not yet been sufficiently explored. Our analysis provides an initial evaluation of a wide range of emerging legal issues. In particular, we consider four typical processing scenarios, such as DNS sinkholing by a public authority or sharing of cybersecurity-related personal data, and discuss some of their legal problems, linking them as thoroughly as possible to potentially relevant case law of the European Court of Justice.
