Following an insightful field trip to Europol on Tuesday with guest lectures from Daniel Drewer, Philipp Almann, and Jan Ellermann of Europol – many thanks to Europol for this collaboration!!! – yesterday our students were presented with a view on global cybersecurity legal and policy frameworks!

Multinational corporations are often faced with fragmented, and sometimes conflicting, national or regional data protection and cybersecurity requirements. For this reason, our guest lecturer Mika Lauhde examined the pros and cons of diverse legal and policy approaches to cybersecurity. Mika explored how multinationals can successfully develop a solid cybersecurity strategy and cope with possible inconsistent local requirements. Following the lecture, students had to deal with a case study (as part of their tutorial) in which they work for a European international ICT Company that provides digital services to citizens in many countries, located both inside and outside of the European Union. In the scenario, one of the company’s non-European office branches sends the HQ information, informing the HQ that they have received a subpoena from local law enforcement related to a drug trafficking suspect. The Law Enforcement Authority (LEA) is requesting information concerning the company’s customer located in another country where the LEA is also located (a country outside of the European Union/EEA). Information requested by the LEA includes IP address, name, purchasing history and physical location, all transactions, the relationship between the company and the individual, and the relationship between the individual and other clients of the company. Students were requested to present how they would handle the case, knowing that the company’s reputation and business are at stake.

The discussions, as always, were very thought-provoking and confirm the utility of the problem-based learning approach we use to ensure that the real world relevance of what is learned can be applied in practice.