The exponential rise of digital products in the “Internet of Things” (IoT) age offers us all convenience and efficiencies—but also makes us more vulnerable to cybersecurity attacks. IoT devices often have weak security, which means our smart thermostats, fridges and fitness trackers can be hacked by bad actors who want to steal or manipulate sensitive data.
The European Union’s efforts to address this issue have resulted in policies that may backfire on consumers, says Ido Sivan-Sevilla, a social scientist and technologist who is a professor at the University of Maryland’s College of Information Studies. He unpacks this phenomenon in his study “Europeanisation on demand: the EU cybersecurity certification regime between market integration and core state powers (1997–2019)” (Journal of Public Policy, August 2020). Through interviews with 18 government and industry stakeholders and a review of 41 relevant policy documents, Sivan-Sevilla tracked two decades of policy development in EU digital security certification, concluding with the 2019 EU Cybersecurity Act.