Initial report on legal and ethical recommendations and best practices

Overview and objectives

After two years in the project, a report was dratfed that summarises all legal and ethical compliance activities undertaken up until that point, including any recommendations, draft texts, and legal and ethical best practices. It does not aim to capture conclusive findings on all legal and ethics topics, since the project is still ongoing and significant piloting efforts are still being undertaken. None the less, it captures the main efforts undertaken to adhere to the terms of the SDGR and other legislation at the time of submission, and to satisfy ethical requirements, including but not limited to data protection.

Contents of the report

The report comprises two major topics:

Firstly, it summarises concrete lessons learned and outputs created during the project’s execution, both in relation to the DE4A infrastructure in general, and to piloting in particular. This section captures the current state of play, and indicates how DE4A generally operates from a legal and ethical perspective. The outputs include notably:

• Ethical compiance policies relating to the identification and recruitment of pilot participants; the appointment of a data protection officer for the project; and in relation to further processing of personal data. These policies collectively aim to ensure that personal data of pilot participants is treated responsibly and lawfully.
• A standardised disclaimer for non-operational piloting, and for live piloting
• A standardised privacy policy
• The DE4A Data Protection Impact Assessment
• The DE4A Memorandum of Understanding

Secondly, it contains a summary and prospective discussion of legal and ethical topics for future policy reflection. This is an initial description of areas where new legal or ethical reflection may need to occur in the future, since some of the experiences in DE4A exceed the current legal vision of the SDGR. The future discussion topics do not contain a consensus position from the entire consortium on desired outcomes, but rather aim to signal points where there is legal or ethical margin for evolution in the future. The currently identified topics presently include:

• A discussion of once-only exchanges for public policy benefit, specifically the question of whether once-only exchanges should only be possible on the basis of prior requests of the user. It could be argued that it would be at least in the public interest, and also often in the citizen's interest, to organise once-only exchanges without requests, at least in some instances.
• The role of data sovereignty of the user. In the SDGR, the user is a gatekeeper who organises (by allowing or disallowing) exchanges of evidence between public authorities. However, it is also possible to simply provide the user with a copy of their own documents, so that they can have an even greater discretionary power over their use. It should be examined what the benefits and downsides are.
• The identification and integrity/authenticity approaches. A recurring challenge is that uniqueness of identities cannot be conclusively ensured at the current stage; and that the power to represent another person or company is very difficult (and sometimes impossible) to validate electronically in a cross border context.
• Challenges relating to semantics, translation and legal validity. DE4A does extensive work on semantics, and in translating standardised concepts. However, this semantic work and any translation has no legal authority; and the same challenge applies to the piloting situation in DE4A where non-standardised evidences are accompanied by canonical equivalents. The latter are more accessible and easier to use, since they support automatic further processing (including automatic semantic interpretation and translation), but they cannot be considered as legally valid originals.

To learn more

A full version of the document can be downloaded here: [1]

Next steps

The contents of this report will be maintained and revised until the end of the project (since an updated version is expected to be delivered in the last months of the project). Therefore, the positions taken in this deliverable may not necessarily be conclusive, but they are informed and driven by existing understanding of the law and ethics across DE4A members.