Privacy and Data Protection Aspects of e-Government Identity Management

Chapter
Part of the Information Technology and Law Series book series (ITLS, volume 20)

Abstract

European Commission 2003, p. 7. E-Government initiatives are being witnessed at all levels of government (local and federal governments, including legislative bodies, the judiciary, the tax administration, the health sector, etc.). These initiatives can be grouped into four main categories: (1) the dissemination (passive or active) of relevant general public information to citizens, for example through websites, (2) the use of electronic processing and networks to improve the management of activities inside and across governmental departments, (3) the use of ICT to increase citizen participation in decision-making processes (e.g., e-petitions), and (4) the use of ICT for interaction with the citizen and service delivery (e.g., filing of a tax return, access to a personal file at the National Registry or on an e-health platform, filing of declarations in social security, etc.). For this Chapter, we focus on the activities in groups (2) and (4).

Abbreviations

AFIS: Automated Fingerprint Identification System
CNIL: Commission nationale de l’informatique et des libertés
CoT: Circle of Trust
DPD: EU Data Protection Directive 95/46/EC
EDPS: European Data Protection Supervisor
Eurodac: European Dactylographic System
ICT: Information and Communication Technologies
IMI: Internal Market Information
PEGS: Pan-European e-Government Services
PET: Privacy Enhancing Technologies
PIA: Privacy Impact Assessment
PKI: Public Key Infrastructure
RFID: Radio Frequency Identification

References

  1. Article 29 eGov (2003) Article 29 Data Protection Working Party, Working document on e-government, WP 73. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2003/e-government_en.pdf. Accessed 8 May 2003
  2. Article 29 VIS (2004) Article 29 Data Protection Working Party, Opinion 7/2004 on the inclusion of biometric elements in residence permits and visas taking account of the establishment of the European information system on visas (VIS), WP 96, 11 Aug 2004
  3. Article 29 EHR (2007) Article 29 Data Protection Working Party, Working Document on the processing of personal data relating to health in electronic health records (EHR), WP131. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp131_en.pdf. Accessed 15 Feb 2007
  4. Article 29 IMI (2007) Article 29 Data Protection Working Party, Opinion 7/2007 on data protection issues related to the Internal Market Information System (IMI), WP140, published online at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp140_en.pdf. Accessed 20 Sept 2007
  5. Article 29 VIS (2005) Article 29 Data Protection Working Party, Opinion 2/2005 on the proposal for a regulation of the European parliament and of the council concerning the visa information system (VIS) and the exchange of data between Member States on short stay-visas, WP 110, 23 June 2005
  6. Belgian DPA (2008) Commission for the protection of privacy, aanbeveling 01/2008 met betrekking tot het toegangs–en gebruikersbeheer in de overheidssector (recommendation nr. 01/2008 of 24 Sept 2008 concerning user- and access management in the governmental sector). 24 Sept 2008. http://www.privacycommission.be/nl/docs/Commission/2008/aanbeveling_01_2008.pdf
  7. Belgian DPA reference measures commission for the protection of privacy, referentiemaatregelen voor de beveiliging van elke verwerking van persoongegevens (reference measures for the security of every type of personal data processing). http://www.privacycommission.be/nl/static/pdf/referenciemaatregelen-vs-01.pdf
  8. Broeders D (2009) Mobiliteit en surveillance: een migratiemachine in de maak. In: Dijstelbloem H, Meijer A (eds) De migratiemachine serie kennis openbare mening, politiek. Rathenau Instituut/Van Gennep, Amsterdam, pp 35–59
  9. Bundeskriminalamt (2007) Forschungsprojekt. Gesichtserkennung als fahndungshilfsmittel foto-fahndung. Abschlussbericht, Wiesbaden, Feb 2007
  10. Bygrave LA (2001) Core principles of data protection. Privacy law and policy reporter 7 (9). http://www.austlii.edu.au/au/journals/PLPR/2001/9.html
  11. CNIL (2000) 21e rapport d’activité 2000. www.cnil.fr
  12. Council of the European union (2007) Council conclusions on access to Eurodac by member states’ police and law enforcement authorities as well as Europol, Luxembourg, 12 and 13 June 2007, 2807th meeting JHA council, of which a draft is available at http://register.consilium.europa.eu/pdf/en/07/st10/st10002.en07.pdf
  13. De Bot D (2001) Verwerking van persoonsgegevens (processing of personal data). Kluwer, Antwerpen
  14. De Bot D (2005) Privacybescherming bij e-government in België. Een kritische analyse van het rijksregister, de kruispuntbank van ondernemingen en de elektronische identiteitskaart (privacy protection in e-government in Belgium. A critical analysis of the national register, the crossroadsbank for enterprises and the electronic identity card). Vandenbroele, Brugge
  15. Decision 2008/633/JHA Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the visa information system (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, OJ 13.08.2008, L 218/129-136
  16. Deprest J, Robben F (2003) E-government: the approach of the Belgian federal administration. https://www.law.kuleuven.be/icri/frobben/publications/2003%20-%20E-government%20paper%20v%201.0.pdf
  17. ECHR Marper (2008) European court of human rights, S. and Marper v. U.K., GC, Nos. 30562/04 and 30566/04, 4 Dec 2008
  18. EDPS (European Data Protection Supervisor) (2007) Opinion on the commission decision of 12 Dec 2007 concerning the implementation of the internal market information system (IMI) as regards the protection of personal data (2008/49/EC). OJ 25.10.2008, C 270/1-7
  19. EPIC (Electronic Privacy Information Center and Privacy International) (2007) Privacy and human rights 2006. An international survey of privacy laws and developments, 2007, p 25
  20. European Commission (2003) Communication from the commission to the council, the European parliament, the European economic and social committee and the committee of the regions, ‘the role of e-government for Europe’s future’, SEC (2003) 1038, COM (2003) 567 final, 26 Sept 2003, p 26. http://ec.europa.eu/information_society/eeurope/2005/doc/all_about/egov_communication_en.pdf
  21. European Commission (2005) Information society and media directorate-general, e-government unit, ‘a roadmap for a pan-European eIDM framework by 2010’, vo1 0, p 20. http://ec.europa.eu/information_society/activities/egovernment/docs/pdf/eidm_roadmap_paper.pdf
  22. European Commission (2007a) Report from the commission to the European parliament and the council on the evaluation of the dublin system, COM (2007) 299 final, 6.06.2007, p 13. http://ec.europa.eu/justice_home/news/intro/doc/com_2007_299_en.pdf
  23. European Commission (2007b) Commission decision 2008/49/EC of 12 Dec 2007 concerning the implementation of the internal market information system (IMI) as regards the protection of personal data. OJ 16.01.2008, L 13/18-23
  24. European Commission (2009) Commission recommendation 2009/329/EC of 26 March 2009 on data protection guidelines for the internal market information system (IMI). OJ 18.04.2009, L 100/12-28
  25. FIDIS (2006) Budapest declaration on machine readable travel documents (MRTDs). Frankfurt. www.fidis.net
  26. FIDIS D3.6 (2007a) Meints M, Hansen M (eds) D.3.6 Study on ID documents, FIDIS, 2006. www.fidis.net
  27. FIDIS D13.3 (2007b) Buitelaar JC (ed) D13.3 Study on ID number policies. FIDIS deliverable, 2007. www.fidis.net
  28. FIDIS D16.1 (2008) Buitelaar JC, Meints M, Van Alsenoy B, D16.1 Conceptual framework for identity management in e-government. FIDIS deliverable, 2008. www.fidis.net
  29. FIDIS D3.17 (2009a) Meints M, Zwingelberg H (eds) D3.17 Identity management systems—recent developments. FIDIS deliverable, 2009. www.fidis.net
  30. FIDIS D13.4 (2009b) Kindt E, Müller L (eds) D13.4 The privacy legal framework for biometrics. FIDIS, May 2009. www.fidis.net
  31. FIDIS D16.3 (2009c) Buitelaar JC, Meints M, Kindt E (eds) D16.3 Requirements for identity management in e-government. FIDIS deliverable, 2009. www.fidis.net
  32. Hert P De, Schreurs W (2006) Legal grounds for ID documents in Europe (sections 4.1.1–4.1.5). In: Meints M, Hansen M (eds) D.3.6 Study on ID documents. FIDIS, pp 40–70
  33. Hulsebosch B et al (2009) D2.3 Quality authenticator scheme. STORK deliverable. http://www.eid-stork.eu
  34. Huysmans X, Van Alsenoy B (eds) (2007) D1.3 Conceptual framework—annex I. Glossary of terms, IDEM, vo1. 0.7. https://projects.ibbt.be/idem/uploads/media/2007-12-27.idem.glossary.v1.07.pdf
  35. IDABC (2007) Graux H, Majava J (2007) eID interoperability for PEGS. Analysis and assessment of similarities and differences—impact on eID interoperability. IDABC, Nov 2007. http://ec.europa.eu/idabc/servlets/Doc?id=29618
  36. IDABC Decision (2004) Decision 2004/387/EC of the European parliament and of the council of 21 April 2004 on the interoperable delivery of pan-European e-government services to public administrations, businesses and citizens (IDABC). OJ 30.04.2004, L 144, as corrected by OJ 18.05.2004 L 181/25-35
  37. ITU-T (2007) International telecommunication union—telecommunication standardization sector. Focus group on identity management, report on identity management framework for global interoperability. http://www.itu.int/ITU-T/studygroups/com17/fgidm/index.html
  38. Juels A, Molnar D, Wagner D (2005) Security and privacy issues in e-passports. Sept 2005. http://eprint.iacr.org/cgi-bin/print.pl
  39. Kindt E, Dumortier J (2008) Biometrie als Herkenning—of Identificatiemiddel? Enkele juridische beschouwingen. Computerrecht 132:185–198
  40. Kosta E, Dumortier J (2007) The data retention directive and the principles of European data protection legislation. Medien Recht Int 3:130–136
  41. Leenes R et al (2009) D2.2 Report on legal interoperability. STORK deliverable. http://www.eid-stork.eu
  42. Léonard Th (2004) La protection des données à caractère personnel et l’entreprise (the protection of personal data and the enterprise). In: Guide juridique de l’entreprise (legal guide for the enterprise). Brussels, Kluwer, Livre 112.1, pp 9–64
  43. McCallister E, Grance T, Scarfone K (2009) Guide to protecting the confidentiality of personally identifiable information (PII). Special publication 800-122, NIST. Draft version available at http://csrc.nist.gov/publications/drafts/800-122/Draft-SP800-122.pdf
  44. Menezes AJ, Van Oorschot PC, Vanstone SA (1997) Handbook of applied cryptography. CRC Press, Boca Raton
  45. Millard J (ed) (2007) European eGovernment 2005–2007: taking stock of good practice and progress towards implementation of the i2010 e-government action plan. Sept 2007, p 82. http://www.epractice.eu/files/download/awards/ResearchReport2007.pdf
  46. Modinis (2006) Modinis study on identity management in eGovernment, modinisIDM. A conceptual framework for European IDM systems. Modinis project, 18 Sept 2006. http://ec.europa.eu/information_society/activities/ict_psp/documents/eidm_conceptual_framework.pdf
  47. Modinis (2007) Modinis study, breaking barriers to e-government—deliverable 3: solutions for eGovernment (section 1). 2007, p 82. http://www.egovbarriers.org/downloads/deliverables/solutions_report/Solutions_for_eGovernment.pdf
  48. Papakonstantinou V (2001) A data protection approach to data matching operations among public bodies. Int J Law Inf Technol 9(1):39–64
  49. Roessler T (2002) Identification and authentication in networks enabling single sign-on. Master thesis, Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria, 2002. https://online.tugraz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=84179
  50. Schreurs W, De Hert P (2005) Vragen over privacy bij biometrisch paspoort en elektronische identiteitskaart (privacy questions with regards to the biometric passport and the electronic identity card). Juristenkrant 104, pp 6–10
  51. Van Alsenoy B, De Cock D (2008) Due processing of personal data in e-government? A case study of the Belgian electronic identity card. Datenschutz und Datensicherheit, March 2008, pp 178–183. http://www.fidis.net/fileadmin/fidis/publications/2008/DuD-2008-03-Due-processing-of-personal-data-in-eGovernment.pdf
  52. Van Alsenoy B et al (2009) Delegation and digital mandates: legal requirements and security objectives. CLSR 25:415–431
  53. VIS Decision (2004) Council decision of 8 June 2004 establishing the visa information system (VIS), 2004/512/EC. OJ 15.06.2004, L 213/5-7

Copyright information

© T.M.C. ASSER PRESS, The Hague, The Netherlands, and the authors 2011

Authors and Affiliations

  • Brendan van Alsenoy (1)
  • Els Kindt (1)
  • Jos Dumortier (1, 2)
  1. The Interdisciplinary Centre for Law and ICT (ICRI), K.U.Leuven, Leuven, Belgium
  2. Catholic University of Leuven, Leuven, Belgium
