Communications Litigation Today was a Warren News publication.

Panel: 5G Raises Privacy, Cybersecurity Concerns, Regulatory Confusion

5G's better connectivity carries potential risks to data protection and cybersecurity, and the regulatory landscape is murky, Hogan Lovells attorneys said Wednesday on a virtual law firm panel. To achieve increased connectivity, international data transfers must be more seamless and frequent than now, but legal frameworks currently restrict data flows, said Eduardo Ustaran. As 5G enables more data transfers, assessing the risks it poses becomes more important, he said. The U.K. Information Commissioner's Office requires organizations to undertake data risk assessments, but 5G changes the situation by introducing a new element of technology and possibly new equipment vendors. The picture is changing rapidly in the Asia-Pacific region, where there's a patchwork of fast-changing laws in each jurisdiction, with more restrictions on data transfers, said Mark Parsons. AI facilitated by 5G will have a growing significance in people's lives and will also accelerate the body of law around it, Ustaran said. Current laws commonly mandate increased accountability and governance for organizations involved in developing AI, he said. 5G was designed during an era more safety-focused than earlier mobile iterations, and some of its improvements do away with entire catalogs of cybersecurity threats, said Nathan Salminen: But every software has vulnerabilities, and "the danger here is unknown." The technology enables a huge amount of metadata that could threaten cybersecurity, said Ana Rumualdo; network and device security, encryption and government regulation will be important, as will limits on who can access all that real-time data. Asked about the current and future regulatory scene, speakers urged businesses to expect change. The U.K. wants to show its departure from the EU can deliver some benefits and the current government wants to support innovation and technological development, so will likely try a lighter regulatory approach, said Ustaran. Expect a more risk-based approach to regulation for technology and 5G, but also much uncertainty about what companies must do to comply, he said. The EU is focused on accountability and data governance; it worries about how much real-time data from individuals will be made available and how people can effectively enforce their rights, said Joke Bodewits. The U.S. has begun regulating critical infrastructure and software more closely, and many pieces of 5G will fall under those measures, said Salminen: Expect to see more 5G-specific legislation in coming years. There's a "glimmer" of convergence for privacy and data protection rules in Asia, but not as much of a focus on cybersecurity, said Parsons. Some countries, such as China and Vietnam, now have many regulations on 5G uses, and that trend will continue, raising questions about potential Balkanization across the region, he added.