The challenges of 5G
In today’s world, we have been hearing about the concept of “5G” for some time now, and in some cases, we even see news that in some countries, such as China, this technology has been implemented autonomously in some cities. Everything points to 5G being the future and, in some cases, the present, and there is a lot of talk about its great advantages. But what are the challenges posed by this technology? The AEPD gives us some clues about the aspects to be taken into account in terms of privacy.
Accurate geolocation of the user
To understand this issue properly, it is necessary to understand, at least in a basic way, how 5G technology works and what requirements it needs. In order to deploy it, higher transmission frequencies are needed than those that have been used with 1G to 4G technologies, which are the ones that have been used until now, and continue to be used, by mobile phone networks. This higher frequency, in a nutshell, will allow much faster transmissions to be achieved. However, this means that the range of the signal will be reduced in the open field and the signal will be more sensitive to obstacles that may be encountered.
This will inherently require many more access points outdoors and indoors, and especially in large areas, thus leading to a higher density of access points and a more compact access network. This larger network will make it possible to locate users’ terminals much more precisely (with a margin of error of less than one metre), so that the safeguards for protecting users’ personal information will have to be multiplied to ensure that their rights are not infringed.
Exponential increase in profiling and automated decisions
5G cannot be understood without the Internet of Things (IoT). The data in circulation will grow exponentially (both in quantity and in categories), which, together with the number of devices connected to the network (mobiles, cars, houses, fridges, etc.) will lead to a practically univocal individualisation of each person, who will receive a multitude of services in real time automatically through Artificial Intelligence, Virtual Reality, Augmented Reality, etc.). It should be remembered that the GDPR guarantees the right of data subjects not to be subject to automated decisions, so we will have to see how this right is compatible with the operation of the technology itself.
Sharing of responsibility between manufacturers, network operators and service providers
In view of the above, it is logical to think, and this will be the case, that the number of actors involved in the processing of personal data will increase, taking into account the configuration of the 5G network itself and the multiple new services that will be provided through it. In order to guarantee the rights of data subjects, the application of responsibilities should be properly defined and transparently clarified, as the responsibility of each of the actors could be diluted, leaving data subjects unprotected.
Differing privacy objectives and interests among the parties involved
It is not surprising that each of the parties involved in the exploitation of 5G will have different interests in various areas, from personal data protection to commercial objectives, including national security.
An agreement will have to be reached regarding the combination of all the interests that, in some cases, will be conflicting, but that at the same time will allow a correct and normal exploitation of the technology by all the actors, including users.
Exponential increase in the area of exposure to cyber-attacks
The greater participation of agents operating in 5G technology, new services, greater connectivity, interoperability and entry and management points to the network means an increase in threats and the possibility of access to the network. In short, the fact that the number of entry points will multiply will mean that the security measures to be implemented will also need to be multiplied.
In a similar vein, it is important to note that it is quite possible that problems will be inherited from previous technologies, although it is expected that such problems can be solved relatively easily. This stems from the fact that a technology that was previously differentiated for a specific purpose will now have a general purpose and may therefore be sensitive and permeable to attacks on conventional technologies.
Also, the exploitation of virtual environments and shared functions can be problematic due to data leaking from one virtual environment to another shared environment.
Lack of a homogenous security model
Once again, the multiple (almost infinite) connections that will exist with the implementation of 5G must be taken into account. This poses a major problem, as each of the different operators will have their own security standards defined, so unless the criteria and standards that any agent must meet to participate in the market and, ultimately, in people’s daily lives, are homogenised, the same standards will have to be established to minimise the existing risks.
Otherwise, there is a risk that the overall security of the network will depend on that of the weakest or least secure actor, and that vulnerability could be exploited to the detriment of all participants.
Conclusion
In short, 5G, IoT and all related technologies (Artificial Intelligence, Virtual Reality, Augmented Reality…) represent a huge development and an unprecedented leap in terms of the possibilities it brings to all aspects of life, from entertainment to medicine.
However, this development also requires an exponential improvement in security and interoperability measures to ensure the protection of personal data by all actors.
The real question to ask ourselves is therefore as simple as it is complex: are we ready?
At Letslaw we are experts in data protection, and we can help you with any question you may have.
Letslaw es una firma de abogados internacionales especializada en el derecho de los negocios.