[Owasp-leaders] WebApp Sec & Legal

Ludovic Petit ludovic.petit at owasp.org
Mon Feb 11 15:39:16 UTC 2013

Here is the document of reference from the European Commission:

*Proposal for a regulation of the European Parliament and of the Council on
the protection of individuals with regard to the processing of personal
data and on the free movement of such data (General Data Protection


I would suggest focusing on the following parts of this important document:

   - *§ 3.4. Detailed explanation of the proposal*, for a brief description
   of each Article
   - *Article 79*, Administrative sanctions

Although this is a Proposal for a Regulation, you’ll understand that
Article 79 is important, this in a possible perspective of jurisprudence.
Here you have the framework anyway.

We have to bear in mind that most European Regulatory bodies tend to
reinforce the Legal frameworks, and as such, each member state has 18
months to ratify the European decisions to local law.

But, in the case of a European Decree, once this one is official (and this is
only a matter of months for the Decree mentioned above), it will be
immediately applicable by all member States of the European Union.

That’s why I would - modestly - suggest keeping a sharp eye on the
Legal Framework when talking about (WebApp) Security, because nowadays,
Legal determines the technical means to implement for being compliant.

Which leads to... Liability. But this is another story, and I don’t wish
to be boring in an endless post. I just wished to trigger interest on Legal
because it has/will have a huge impact on the way to handle (Web
Application as well) Security.

Thank you guys for having taken time to read these few lines, any
thoughts/comments welcome!
