Initial overview of legal and ethical requirements

From DE4A
Revision as of 09:48, 21 February 2022 by Hans.graux (talk | contribs)
Jump to navigation Jump to search

Introduction and objectives

During the first eight months of DE4A, a report was drafted to provide an initial overview of relevant legal and ethical requirements. Given the timing, that report did not aim to capture conclusive findings on all legal and ethics topics. Moreover, it should not be considered fully comprehensive or up to date anymore, since the legislation and its interpretation have evolved since the time of finalisation (in August 2020). None the less, this report aims to present the central topics that have been under discussion within the consortium, and captures some of the main positions taken on the meaning of the SDGR at the time of submission. More importantly, it summarises the working assumptions on the interpretation and impact of the law on the project. In other words, it is not an abstract reflection on legal difficulties, but lays out what the consequences of specific interpretations would be, and which interpretations the consortium intends to apply during piloting.

Contents of the report

Key topics covered by this report include the main legal and ethical requirements imposed by the General Data Protection Regulation (GDPR) and Single Digital Gateway Regulation (SDGR), which are the main frameworks governing respectively data protection and once-only e-government exchanges in the EU. These include:

- the preview requirement, i.e. the obligation (with certain exceptions) that a user should have the possibility to preview evidence before it is exchanged between two public administrations;

- explicit request, i.e. the obligation (with certain exceptions) that evidence can only be exchanged after a user makes an explicit request to do so;

- GDPR compliance, i.e. to obligation to ensure that any personal data involved in an exchange is treated in accordance with EU data protection law, including e.g. transparency, and the protection of other data subject rights,

- the relevance of structure in exchanged evidences, i.e. the question of whether digitally exchanged information needs to have a standardised structure that facilitates automated further processing by the receiving public administration, or inversely whether also visual scans (such as unstructured PDF documents or visual files such as JPGs or PNGs) should be permissible;

- charging, i.e. the question whether the SDGR affects the ability of public administrations to charge for certain evidences, and whether DE4A should explore solutions on this point;

- lawfulness of piloting and further processing of evidences, i.e. the question whether the SDGR - which does not enter into force in its entirety until the end of 2023 - is an acceptable legal basis for piloting before that date; and to what extent receiving administrations can use evidences in accordance with their national laws (even if those laws contain usages that are not targeted by the SDGR).

The relevant sections of the report were developed iteratively and interactively through white papers and online discussions between all project partners. In this way, the positions taken in this deliverable were not necessarily conclusive, but they will be informed and driven by existing understanding of the law across DE4A members.

The report also recognises that there are many uncertainties still on the exact interpretation of the SDGR. It is intended that the findings of this report and its working assumptions will be further refined and adjusted, based on future discussions and working experiences in DE4A. In this way, they can contribute further to achieving consensus between the Member States, and in providing useful feedback to national and EU level legislators and policy makers, so that the SDGR can achieve its intended goals.

Finally, it is worth underlining that the report does not yet explore in detail the implications of the some of the evidence exchange patterns that will be explored in DE4A (notably the USI pattern or the VC pattern), since these were not yet fully elaborated at the time.

For more information

A full version of the document can be downloaded here: D7.1 Overview of legal and ethical requirements