Difference between revisions of "D7.4 - Legal sustainability recommendations"
Hans.graux (talk | contribs) |
|||
(2 intermediate revisions by 2 users not shown) | |||
Line 6: | Line 6: | ||
To the extent that DE4A builds on the SDGR, this will entail an explanation of the governance and sustainability mechanisms foreseen in the SDGR and its IR, and an explanation of how DE4A outputs fit in. | To the extent that DE4A builds on the SDGR, this will entail an explanation of the governance and sustainability mechanisms foreseen in the SDGR and its IR, and an explanation of how DE4A outputs fit in. | ||
− | However, there are a number of topics (identified below) for which the outputs don’t fit neatly or perfectly into the SDGR/IR context. To add value to the deliverable, we will try to provide suggestions on how these can be sustained as well – within the SDGR, within other legislation (eIDAS 2, Data Governance Act, Data Act), or via new initiatives. | + | However, there are a number of topics (identified below) for which the outputs don’t fit neatly or perfectly into the SDGR/IR context, and/or for which other legal developments are relevant. To add value to the deliverable, we will try to provide suggestions on how these can be sustained as well – within the SDGR, within other legislation (eIDAS 2, Data Governance Act, Data Act, Interoperable Europe Act), or via new initiatives. |
== Topics to be examined == | == Topics to be examined == | ||
Line 13: | Line 13: | ||
The topics should be developed by the consortium as a whole. This wiki page is intended to capture suggestions, proposals and requirements/expectations from the consortium, which will then be iteratively developed by the WP7 (legal) team for the final deliverable. | The topics should be developed by the consortium as a whole. This wiki page is intended to capture suggestions, proposals and requirements/expectations from the consortium, which will then be iteratively developed by the WP7 (legal) team for the final deliverable. | ||
− | Topics should be finalized in January, so that the deliverable can be submitted in March, as foreseen. | + | Topics should be discussed during a workshop and then finalized in January, so that the deliverable can be submitted in March, as foreseen. |
{| class="wikitable" | {| class="wikitable" | ||
|'''Topic''' | |'''Topic''' | ||
− | |'''Why is | + | |'''Why is there a need for legal sustainability measures?''' |
|- | |- | ||
|'''Subscription and notification''' | |'''Subscription and notification''' | ||
− | |Needs to be clear how these can be organized – how they can be built on the basis of the SDGR, or how they can be created independently from it (and in the latter case, whether the technical system can be used for it) | + | |Needs to be clear how these can be organized – how they can be built on the basis of the SDGR, or how they can be created independently from it (and in the latter case, whether the technical system can be used for it). ''Special care should be taken to the consent freshness, as in this case, the transaction is not immediate. A citizen should have the means to revoke the subscription at any point before the notification happens.'' |
|- | |- | ||
|'''Mobile wallets''' | |'''Mobile wallets''' | ||
− | |Is within | + | |Is within the scope of eIDAS2 of course; needs to be clear how wallets fit into the SDGR once-only logic - connector between eIDAS and technical system. Or alternatively, if it doesn’t fit in there, how wallets can/should be supported in eGov transactions. ''The key point is: wallets cannot offer the same data integrity, freshness and leak protection measures as a government source data storage. Does this fit the eIDAS2 requirements for substantial/high LoA? Paper/pdf-based evidence issuing was a not-perfect but necessary solution in the lack of trusted interoperable channels between the source and the consumer, but the benefits of a wallet need to be carefully analysed in oposition to SDG interoprable services.'' |
|- | |- | ||
|'''VCs''' | |'''VCs''' | ||
− | |eIDAS 2 partially covers this via attribute assertions, but the SGDR really has no | + | |eIDAS 2 partially covers this via attribute assertions, but the SGDR really has no framework for it. ''The need is: analyse if the signed VC issuing process, wallet custody and VC presentation and verification meet the security and trust requirements SDGR and eIDAS2 impose. Otherwise, a set of technical specifications for VC issuing, wallet custody and VC presentations must be developed to consider VC channel SDGR and eIDAS2 compliant.'' |
|- | |- | ||
|'''Fine grained powers / powers catalogue''' | |'''Fine grained powers / powers catalogue''' | ||
− | |Not really clear yet how this can be fit into the eIDAS 2 discussions – likely linked to SEMPER take-up, but also needs very extensive discussion on actual needs and semantics. | + | |Not really clear yet how this can be fit into the eIDAS 2 discussions – likely linked to SEMPER take-up, but also needs very extensive discussion on actual needs and semantics. May be linked to the Interoperable Europe Act (see below) as well - to be examined. |
|- | |- | ||
|'''Representation in general (e.g. parent-child, guardianship, etc)''' | |'''Representation in general (e.g. parent-child, guardianship, etc)''' | ||
|Comparable to the above, but not covered by SEMPER. To be discussed on whether/how/when a model can be established. VCs could be a viable tool | |Comparable to the above, but not covered by SEMPER. To be discussed on whether/how/when a model can be established. VCs could be a viable tool | ||
− | |||
− | |||
− | |||
|- | |- | ||
|'''Links to Data Act and Data Governance Act''' | |'''Links to Data Act and Data Governance Act''' | ||
|Under the DGA, Member States should establish a single information point to act as an interface for re-users that seek to re-use data, which should be able to rely on automated means where it transmits enquiries or requests for re-use. Can be linked to the SDG (or even to the technical system). | |Under the DGA, Member States should establish a single information point to act as an interface for re-users that seek to re-use data, which should be able to rely on automated means where it transmits enquiries or requests for re-use. Can be linked to the SDG (or even to the technical system). | ||
+ | |- | ||
+ | |'''Relationship to the recently proposed Interoperable Europe Act.''' | ||
+ | |The Act could be an opportunity to deal with several technical and semantical interoperability issues, depending on its scoping - to be examined further. | ||
|} | |} | ||
== Potential approaches to ensure legal sustainability == | == Potential approaches to ensure legal sustainability == | ||
− | + | The selected approaches for legal sustainability will probably be different per topic, but options will include: | |
· Changes in SDGR, IR, guidance on interpretation/implementation via the defined governance mechanisms of the SGDR and IR | · Changes in SDGR, IR, guidance on interpretation/implementation via the defined governance mechanisms of the SGDR and IR | ||
Line 49: | Line 49: | ||
· Or DGA/Data Act | · Or DGA/Data Act | ||
+ | |||
+ | · Or Interoperable Europe Act | ||
· Or new initiative altogether – SDGR 2? | · Or new initiative altogether – SDGR 2? |
Latest revision as of 10:40, 7 December 2022
Introduction
The objective of D7.4 is to provide recommendations on how to ensure the sustainability of DE4A outputs from a legal perspective.
To the extent that DE4A builds on the SDGR, this will entail an explanation of the governance and sustainability mechanisms foreseen in the SDGR and its IR, and an explanation of how DE4A outputs fit in.
However, there are a number of topics (identified below) for which the outputs don’t fit neatly or perfectly into the SDGR/IR context, and/or for which other legal developments are relevant. To add value to the deliverable, we will try to provide suggestions on how these can be sustained as well – within the SDGR, within other legislation (eIDAS 2, Data Governance Act, Data Act, Interoperable Europe Act), or via new initiatives.
Topics to be examined
The topics should be developed by the consortium as a whole. This wiki page is intended to capture suggestions, proposals and requirements/expectations from the consortium, which will then be iteratively developed by the WP7 (legal) team for the final deliverable.
Topics should be discussed during a workshop and then finalized in January, so that the deliverable can be submitted in March, as foreseen.
Topic | Why is there a need for legal sustainability measures? |
Subscription and notification | Needs to be clear how these can be organized – how they can be built on the basis of the SDGR, or how they can be created independently from it (and in the latter case, whether the technical system can be used for it). Special care should be taken to the consent freshness, as in this case, the transaction is not immediate. A citizen should have the means to revoke the subscription at any point before the notification happens. |
Mobile wallets | Is within the scope of eIDAS2 of course; needs to be clear how wallets fit into the SDGR once-only logic - connector between eIDAS and technical system. Or alternatively, if it doesn’t fit in there, how wallets can/should be supported in eGov transactions. The key point is: wallets cannot offer the same data integrity, freshness and leak protection measures as a government source data storage. Does this fit the eIDAS2 requirements for substantial/high LoA? Paper/pdf-based evidence issuing was a not-perfect but necessary solution in the lack of trusted interoperable channels between the source and the consumer, but the benefits of a wallet need to be carefully analysed in oposition to SDG interoprable services. |
VCs | eIDAS 2 partially covers this via attribute assertions, but the SGDR really has no framework for it. The need is: analyse if the signed VC issuing process, wallet custody and VC presentation and verification meet the security and trust requirements SDGR and eIDAS2 impose. Otherwise, a set of technical specifications for VC issuing, wallet custody and VC presentations must be developed to consider VC channel SDGR and eIDAS2 compliant. |
Fine grained powers / powers catalogue | Not really clear yet how this can be fit into the eIDAS 2 discussions – likely linked to SEMPER take-up, but also needs very extensive discussion on actual needs and semantics. May be linked to the Interoperable Europe Act (see below) as well - to be examined. |
Representation in general (e.g. parent-child, guardianship, etc) | Comparable to the above, but not covered by SEMPER. To be discussed on whether/how/when a model can be established. VCs could be a viable tool |
Links to Data Act and Data Governance Act | Under the DGA, Member States should establish a single information point to act as an interface for re-users that seek to re-use data, which should be able to rely on automated means where it transmits enquiries or requests for re-use. Can be linked to the SDG (or even to the technical system). |
Relationship to the recently proposed Interoperable Europe Act. | The Act could be an opportunity to deal with several technical and semantical interoperability issues, depending on its scoping - to be examined further. |
Potential approaches to ensure legal sustainability
The selected approaches for legal sustainability will probably be different per topic, but options will include:
· Changes in SDGR, IR, guidance on interpretation/implementation via the defined governance mechanisms of the SGDR and IR
· Or eIDAS 2
· Or DGA/Data Act
· Or Interoperable Europe Act
· Or new initiative altogether – SDGR 2?