The Concept of Accountability in the Context of the Evolving Role of ENISA in Data Protection, ePrivacy and Cybersecurity

in Technocracy and the Law: Accountability, Governance and Expertise 247-284 (Alessandra Arcuri and Florin Coman-Kund, eds, Routledge, 2021).

41 Pages Posted: 14 Dec 2022

See all articles by W. Gregory Voss

W. Gregory Voss

TBS Business School; Toulouse Business School; University of Toulouse - Toulouse Business School

Date Written: May 28, 2021

Abstract

The European Union Agency for Network and Information Security (ENISA), is one of the “third generation” of EU agencies, active in the area of cybersecurity. Over a period of years this expert agency’s fundamental regulation has been amended and replaced, and its governing bodies modified. However, a sea change occurred when ENISA received significant additional responsibilities and resources as a result of the EU Cybersecurity Act. In such context, the Chapter’s essential focus is on whether or not accountability is a concern for ENISA today, given its development.

In the light of this evolution both in terms of ENISA’s fundamental regulation and its role, this chapter first provides an overview of theoretical perspectives regarding the accountability of EU agencies, as they are relevant to assess ENISA’s accountability, and describes ENISA as an expert body. Next, ENISA’s role in connection with certain aspects of EU legislation in data protection, ePrivacy, and cybersecurity is detailed, and most notably its creation of ‘soft law’ in these domains. An early challenge to ENISA’s legal basis is also discussed. The evolution of ENISA’s mandate, evidencing its growing importance, is detailed, and changes to its governance structures, as one solution to accountability challenges, are studied. Finally, additional discussion of accountability of ENISA in connection with its increased law ensues, with particular attention paid to its ‘soft law’ role, and potential need for a higher level of ex ante control in the form of greater ‘proceduralisation’ of law-making, prior to a making a forward-looking conclusion.

Keywords: ENISA, cybersecurity, EU Cybersecurity Act, data protection, ePrivacy, soft law, accountability, European Union agencies, agency governance

JEL Classification: K22, K23, K33, M15

Suggested Citation

Voss, W. Gregory, The Concept of Accountability in the Context of the Evolving Role of ENISA in Data Protection, ePrivacy and Cybersecurity (May 28, 2021). in Technocracy and the Law: Accountability, Governance and Expertise 247-284 (Alessandra Arcuri and Florin Coman-Kund, eds, Routledge, 2021)., Available at SSRN: https://ssrn.com/abstract=4290558 or http://dx.doi.org/10.2139/ssrn.4290558

W. Gregory Voss (Contact Author)

TBS Business School ( email )

1 Place Alphonse Jourdain
CS 66810
Toulouse Cedex 7, Occitanie 31068
France

Toulouse Business School ( email )

20, bd Lascrosses
Toulouse, 31068
France

University of Toulouse - Toulouse Business School ( email )

20, bd Lascrosses
BP 7010
Toulouse, 31068
France

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
60
Abstract Views
416
Rank
631,211
PlumX Metrics