standardisation Research & Education

Standardisation + Personal data protection and cybersecurity

Our research focuses on the alignment of international and European standards and specifications with legal requirements, questions of the substantive and procedural legitimacy of standardisation stakeholders, good governance principles and the application of Global Administrative Law, and the quality of standards.

Cyber- and information security standardisation has been active since the very beginning of information technologies and information and communication technologies. EU legislation such as the Cybersecurity Act has offered a new perspective on cybersecurity standardisation, and also on conformity assessment.

The protection of personal data is an emerging standardisation field. With the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications legislation, technical standards pertaining to several aspects of data protection have been in the spotlight of regulators and policymakers, as well as standardisation bodies. A new Technical Committee was established at CEN and CENELEC, and new dedicated technical groups and committees were established at international standardisation fora and consortia, such as the World Wide Web (W3C) forum.

Relevant publications include:

  • Kamara, I. (2021). Misaligned union laws? A comparative analysis of certification in the Cybersecurity Act and the General Data Protection Regulation. In D. Hallinan, R. Leenes, & P. De Hert (Eds.), Data protection and privacy: Data protection and artificial intelligence (pp. 83-110). (Computers, Privacy and Data Protection). Hart Publishing. 
  • Quemard, J-P., Schallabok, J., Kamara, I., & Pocs, M. (2019). Guidance and gap analysis for European standardisation: Privacy standards in the information security context. (1 ed.) ENISA.
  • Kamara, I., Leenes, R., Stuurman, C., & van den Boom, J. (2020). The cybersecurity certification landscape in the Netherlands after the Union Cybersecurity Act. National Cybersecurity Centre.
  • Stuurman, C., & Kamara, I. (2016). IoT standardization. The approach in the field of data protection as a model for ensuring compliance of IoT applications? In 2016 4th International Conference on Future Internet of Things and Cloud Workshops: Workshop Proceedings (pp. 336-341). IEEE Computer Sciences. 
  • Kosta, E., & Stuurman, C. (2015). Technical standards and the draft general data protection regulation. In D. Panagiotis (Ed.), The Law, Economics and Politics of International Standardization (pp. 434-459). Cambridge University Press.