BlackBerry Limited
BlackBerry helps organizations defend against cyber threats.
ID: 251259032370-30
Lobbying Activity
Response to Cyber Resilience Act
23 Jan 2023
Dear European Commission, BlackBerry is a global leader in cybersecurity. For close to 40 years, BlackBerry has invented and built trusted security solutions to give people, governments, and businesses the ability to stay secure, mobile and productive. We have reviewed the draft cyber-resilience act and provide comments in the attached.
Read full responseResponse to Type approval of motor vehicles regarding access to in-vehicle generated data
2 Aug 2022
This consultation should seek to identify means to align the horizontal and sectorial EU with the UNECE Regulations 155 and 156 on cyber security and software update management system. Specifically, directives 2014/53/EU and (EU) 2019/2144 should fully align with the network and cyber security provisions laid down by the aforementioned UN vehicle regulations. Additionally, a consistent delineation should be found between the revised rules and the application of the GDPR and of the draft EU Data Act.
Read full responseResponse to Requirements for Artificial Intelligence
23 Jul 2021
Please find attached our response to the consultation on the draft AI Act. We are thankful to the Commission for giving us the opportunity to contribute.
Read full responseResponse to Data Act (including the review of the Directive 96/9/EC on the legal protection of databases)
23 Jun 2021
BlackBerry, the global cybersecurity software and services company, welcomes the opportunity to provide input to the EC roadmap on the EU Data Act. We support efforts put by public authorities to promote data sharing and access, and welcome the Commission’s interest in the field. The ability to share data both across multiple organizations and sectors and across borders are highly important for the development of cutting-edge data-driven solutions. The identification of policy and regulatory solutions that promote data transfers across the EU and globally, voluntary data sharing between entities, as well as principles like transparency of contractual obligations, development of smart contracts and of technological solutions for data analytics, are very much welcomed. We also agree with the objective to address “the difficulties of access to and use of data in specific situations, including in a B2B context”.
Notwithstanding the above, when laying out a framework for data access governance, regulators should also be cautious in acknowledging that each organization, technology, dataset, or use case may require specific carve-outs or exemptions depending of the unique context in which they operate.
Firstly, from a cybersecurity perspective, a non-selective obligation to make data accessible to any interested third party could pose significant risks by inadvertently expanding the attack surface. This is particularly true for cases where providers of cybersecurity solutions are forced to open their datasets which could be used by ill-intentioned actors to reverse-engineer the security of their products, based on the data that the company has generated from its security operations and software development and deployment. Uncontrolled access to such datasets would create major safety, cybersecurity, data protection and privacy threats, by compromising the integrity of the data thus heightening the risk of data breaches, especially for highly critical sectors and emerging technologies such as connected vehicles and e-health.
From a competition and intellectual property protection angle, it is also crucial to guarantee that data owners retain full control over whether they can share or transfer data, to whom, and on what terms. Mandatory requirements for making proprietary and often commercially highly sensitive datasets open to everyone may lead to an adverse effect where instead of supporting growth of scaling-up companies, the imposed measures lead to stifling innovation and to the eruption of anti-competitive practices. Failure to account for these risks can be detrimental for global and European businesses, and not only to larger industry players, but also to small and medium sized firms which also strive to effectively compete on the global markets with their IPR and know-how.
Another element worth considering is that the pervasiveness of digital services and technologies have transformed the concept of data use, storage, ownership and control. The digitization of traditional (non ICT sectors) have led to creating business solutions where data is either jointly owned by the third-party technology provider and its customer, or, most often, processed by the former on behalf of the latter (who remains the sole legitimate data owner). Often these technology providers will act as a subcontractor to or as part of the global supply chain deployed by the data owner. These elements should be dully considered as to ensure that organisations are not forced to share their customers’ data without their consent, but also as such a model risks conflicting with other requirements under EU, Member State or international law, or trade obligations under WTO and other international mechanisms.
We are looking forward to contributing to the upcoming consultation and strongly encourage that any legislative initiative is underpinned by the ‘better regulation’ principle and supported by a thorough impact assessment and stakeholder input.
Read full responseMeeting with Gertrud Ingestad (Director-General Informatics)
20 Feb 2019 · IT Security
Meeting with Vivian Loonela (Cabinet of Vice-President Andrus Ansip)
13 Dec 2018 · Presentation of the BlackBerry's activities on Cybersecurity, Internet of Things, etc.