DATA PROTECTION AND CYBERSECURITY: CASE-LAW OF TWO EUROPEAN COURTS.

Cybersecurity is not easily defined. The 2019 EU Cybersecurity Act defines it as the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats.1 Enduringly, cybersecurity was associated with national security, without consideration of what 'secure' Internet means for individual users. In reality, cybersecurity policy focused by and large on systems rather than users, i.e., people. However, as a policy area concerned with online behavior regulation, its definition and implementation inevitably has profound implications for human rights, especially in regard to data protection and freedom of expression. Unsurprisingly, cybersecurity has become a new human rights battleground.2 The EU Cybersecurity Act and subsequent legislation represent a normative shift in our conception of data ownership, putting ownership and control of personal information in the hands of the user rather than the service provider. Luckily, there have been positive legislative shifts regarding data protection in the context of the EU cybersecurity policy at EU level. But are they (or will they be) adopted by European courts? To answer, this paper peers into the relevant case-law of the Court of Justice of the EU as well as of the European Court of Human Rights. [ABSTRACT FROM AUTHOR]