Copyright, 2002 © Michael Sonntag

E-Mail: sonntag@fim.uni-linz.ac.atWWW: http://www.fim.uni-linz.ac.at/staff/sonntag.htm

Mag. Dipl.-Ing. Dr. Michael Sonntag

Privacy (and other) issues of Privacy (and other) issues of e-Government in one-stop portalse-Government in one-stop portals

Wroclaw Summer School on a Legal Framework for Information Society

Wroclaw, 19.9.-21.9.2002

Michael Sonntag 2Privacy issues of e-Government

Content

Motivation Federalism and One-Stop-Portals Official help between administrative branches Data exchange between authorities Automated decisions Conclusions

Michael Sonntag 3Privacy issues of e-Government

Motivation

Public administration should be model of excellence Changing status of portals

Information Few personal dataTransactions Lots of personal data

Largest advantage AND largest risks by integrating data from many sourcesDifferent ministries, health data, tax information, …

Reason for interest: eGOV project

Michael Sonntag 4Privacy issues of e-Government

Federalism and One-Stop-Portals (1)

Federalism =» Loose definition; only used here

Different entities» Federal / state / municipal / autonomous level

Different rules of procedure (possibly)No super-/subordination AND no common supervisor

One-stop portal =Simple for citizens: Fully integrated / details hiddenCentralized: management / administration / backup / …Data from many entities used (also for parts of others!)

Michael Sonntag 5Privacy issues of e-Government

Federalism and One-Stop-Portals (2)

Different roles: Controller ProcessorPortal operator - own proceedings: No problemPortal operator - proceedings of other entities

» Serves as a processor - Contract on each process required» Data access: How, when, for what?

Example: Filling in forms with external dataUser asks for own data and transmits it to another entityPortal is here processor for the user

DIFFERENT: Portal uses data to decide what to present the user (personalization)!

Michael Sonntag 6Privacy issues of e-Government

Official help between administrative branches

Usually no threat for privacyFormal procedure In writing: Each instance leaves traces behind Individual reason needed

» „Official“ ones: Needed for decision or other „content“Checking, whether this information may be passed on

One-stop portals:No formal procedure: Done automaticallyOnly general reason: „In such cases it‘s allowed“

» Typical case only; individual circumstance NOT verified!Used for other („non-official“) reasons too:

» Personalization, advice, filling in forms, ...

Michael Sonntag 7Privacy issues of e-Government

Data exchange between authorities (1)

If exchange is allowed, how will it be done?Verification: Who requests, which data, for what?

» Definition required which data may be sent for which reasons, who might send requests with certain reasons

Sending: Data must be masked» Only the authorized data may be sent, not the whole file/record» Therefore huge number of different data sets» Identification of data set per transaction, not unique» Encryption, partner server identification, …

Storage: Bound to single purpose» May be stored/used only for the purpose it was acquired for» Problem: Personalization requires relating it to other data

Michael Sonntag 8Privacy issues of e-Government

Data exchange between authorities (2)

Probably best solution: XML-based languageShould be a large solution: Not confined to small area

Organizational issues also importantHow to place requests Identification of users / Logging

Processes must be adapted Interfaces in electronic record handling systemsRetirement of old / definition of new requests / responsesPerson responsible for privacyUser education

Michael Sonntag 9Privacy issues of e-Government

Automated decisions (1)

Simple procedure & everything available online» (El. Signed or from secure sources) documents, databases, …

Automated decisions are possible» Examples: Dog tax, prolongations, etc.» Example: Register of residency (see e. g. Swiss project)

Problems: Identification of the citizen: Easy in portal!Gathering of evidence needed: Which sources?Payment should be anonymousOfficial decisions/notifications possible without any

human intervention?State/Local/… proceedings done by a federal system

Michael Sonntag 11Privacy issues of e-Government

Conclusions

Integrated one-stop portals are VERY helpful They pose legal problems: PrivacyComplicated and difficult to explainUse implied consent where possible

Data exchange between authorities necessary in such portals to bring advantagesPrinciple of minimalismMany (legally) different roles of the operator

Automated decisions usually possibleOnly for severely restricted areasSource data and resulting data: Special care needed!

Copyright, 2002 © Michael Sonntag

E-Mail: sonntag@fim.uni-linz.ac.atWWW: http://www.fim.uni-linz.ac.at/staff/sonntag.htm

Mag. Dipl.-Ing. Dr. Michael Sonntag

Questions?Questions?Thank you for your attention!

? ?

??

??