Written by Zsolt G. Pataki.
The fifth-generation mobile network (5G) is not just a performance booster for current mobile communication networks, but is also a technology enabling the convergence of communication networks with another fundamental block of the digital era – computing. 5G technology is defined by a complex ecosystem, composed of heterogeneous stakeholders, technologies, methodologies and best practices.
On the one hand, this ecosystem offers new opportunities for digitalisation, a key reason for which 5G technology is envisaged as providing a cornerstone of European resilience and as one of the seven flagship areas of the European Recovery and Resilience Facility. On the other hand, the complexity of this ecosystem poses unexplored security and privacy concerns, risks and challenges that might threaten the feasibility of the future development of 5G. These issues, along with a possible lack of awareness about them, are factors that might lead to serious vulnerabilities regarding personal data and sensitive information. Protecting information is essential for EU citizens’ security and privacy. Information leaks can severely damage the European Union: 5G network security has become an intense battlefield between Western countries and China, where some of the main providers of 5G network equipment are established.
In this context, and in addition to two earlier studies on the impact of 5G (on human health and on the environment respectively), the European Parliament’s Panel for the Future of Science and Technology (STOA)commissioned another important study. This study aims at identifying the risks that the deployment of 5G technology could pose to EU citizens’ privacy, security, and businesses, and exploring their potential implications.
The unrivalled capability and flexibility of 5G have been made possible by a decades-long process of convergence between computing and telecommunications. Their merger brings to light a new ecosystem, where telecommunications and computing collaborate to enable new scenarios, and where stakeholders can extend their business offering and compete with each other. Throughout this epochal shift, a wide debate around privacy and security has unfolded. The complexity of the 5G ecosystem requires a deep insight into its main components, and especially into how the components affecting privacy and security interact with each other. To this end, the authors of the study performed an impact assessment based on a research conceptual map divided into four categories (privacy, security, technologies, ethics/politics), focused on the identification and analysis of the new potential risks, challenges and opportunities that 5G technology entails with respect to privacy and security.
On this basis, they formulated a set of policy options for potential enhancements of the next releases of technical specifications and regulations, organised into three dimensions (privacy, security and ethics):
- The policy options for mitigating privacy risks and challenges include, inter alia, that any organisation involved in the EU 5G ecosystem should establish a controller or a processor and should encourage its own legal departments to perform a transfer impact assessment (TIA). A potential alternative path would be to adopt a hybrid approach where personal or sensitive data is stored locally, close to and within an individual’s national boundaries (edge cloud) and less-sensitive data is stored in the cloud. Adopting a personal data wallet – a digital area where individuals can access data, provide consent and receive notifications – could be considered as a fundamental tool for exercising the rights to privacy and data protection. New European legislation will also have to monitor the evolution of the privacy issue in the next specifications and deployments of 5G technology, and ensure data sovereignty, as the 5G ecosystem requires the cooperation of several stakeholders located worldwide.
- Options to reduce security risks and challenges include network softwareisation and flexibility, with standard rules and procedures to be considered for reducing ambiguities between network components, monitoring the evolution of multiconnectivity, and accelerating cybersecurity standards – as existing cybersecurity guidelines are implemented by service and component providers in line with their internal procedures, 5G should adopt common standards for cybersecurity.
- Ethics risks and challenges may be related to a lack of citizen awareness of the impacts of 5G on ethical issues. More democratic access to adequate information on 5G ethics impacts should be provided. Awareness and critical thinking should be nurtured in the context of digital and data literacy within lifelong education projects, as well as in schools. A tailored regulatory framework for applied ethics in 5G (in the same way as there are other kinds of applied ethics, such as AI ethics, roboethics, etc.), may be needed at the EU level. The accountability, trustworthiness and reliability of 5G and related technologies (e.g. AI, IoT, robotics, etc.) has to be considered in the regulatory framework governing the implementation of 5G verticals (e.g. eHealth, smart cities, energy, etc.).