Initial Report on legal and ethical recommendations and best practices

From DE4A
Revision as of 15:16, 29 September 2021 by Hans.graux (talk | contribs) (Initial instantiation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction

This is the provisional working page to prepare D7.2 Initial Report on legal and ethical recommendations and best practices.

This deliverable is due in M24 (December 2021), and is intended to capture legal and ethical lessons learned in DE4A (not necessarily limited to the SDGR).

There is a future iteration of the deliverable required in M30 (D7.3 Final Report on legal and ethical recommendations and best practices).

Structure, approach and timing

It is proposed to have two major sections in the deliverable:

- Basic lessons learned in DE4A that should be relatively universally acceptable.

- Topics for reflection. These are not necessarily agreed between the entire consortium (the goal is not to express a consensus position), but to signal points where there is legal or ethical uncertainty.

All DE4A partners are invited to contribute their suggestions in the tables below, in all cases providing a title to the lesson learned, and describing briefly why it is relevant.

Basic lessons learned

Basic lessons learned include notably the following:

Name of the lesson learned Concise summary of the meaning and relevance
Transparency towards users across the flow of evidence is complex Transparency notifications under the GDPR require extensive communication. This is difficult to standardise across the chain of parties involved, and can lead to 'information fatigue'
Organising a preview space at the evidence requester side creates some challenges The IA requires the preview space to be set up on the evidence requester portal. This implies a transfer of evidences to the requester that's complex to organise, and requires the evidence to be isolated until the preview is approved
Identity mapping has no consistently reliable model yet Currently, the model relies on fuzzy logic, which works most of the time, but constitutes a risK

Topics for reflection

Topics for reflection include notably the following:

Name of the topic Concise summary of the meaning and relevance
Subscription / notification patterns These patterns create a lot of added value from a public service perspective. It is worth considering whether this should be actively supported as a once-only flow.
User sovereignty / user control Once-only flows traditionally focus on sending data directly from one authority to the next. It should be agreed whether a model that allows the evidence to be retained by the user (e.g. on a digital locker, a smartphone, a SOLID pod,...) is possible, and compatible with once-only.
Original and canonical evidences If unstructured evidences are permissible, normalisation into canonical evidences is needed. It should be agreed what the legal value of canonical evidences is.