e-prodat Executive Summary Best practices on e-government and Data Protection in European Regions and Cities PROJECT COFINANCED BY THE EUROPEAN UNION

Transcription

1 Executive Summary e-prodat Best practices on e-government and Data Protection in European Regions and Cities PROJECT COFINANCED BY THE EUROPEAN UNION Nord Est SUD Ouest INTERREG IIIC

2 Background Background The project named "e-prodat" ( aims to promote the exchange of knowledge and experiences between Agencies and other public bodies concerning the protection of personal data used by Governments and Public Administrations for the provision of public services, and specially those related to e-government or based on the Internet, helping in particular to create best practices recommendations in this area. The Project has three main goals: The exchange of knowledge and experiences related to personal data protection in public bodies belonging to different European countries. To create an Internet based "European e-government data protection observatory", for the permanent assessment on the accomplishment with European data protection laws and principles and the awareness of data protection issues among European citizens. Identifying best data protection practices already in place for e-government or other public bodies' services, and building recommendations for increasing data protection standards in the public sector. The Project starting date is 1st February 2005, and its finishing date is 31st January 2007 (24 months). Total budget reaches ,00 euros, while ,00 of them are provided by the European Union INTERREG IIIC-South (ERDF) program, and partnership includes: Data Protection Agency of the Community of Madrid (Spain, leading partner) Estonian Data Protection Inspectorate (Estonia) City of Bologna (Italy) Abruzzo Region (Italy) Region of Western Greece (Greece) City of Santa Cruz de Tenerife (Spain) Association of local Authorities of the Municipality of Kavalas (Greece) University King Juan Carlos (Spain) University of Patras (Greece) The partnership includes regional Data Protection Authorities, Municipalities and regions with different records in e-government services, and Universities and Research Centres with some background in e-government and/or data protection studies. All of them are interested on the development of on-line public services, some for scholar reasons, other for having already deployed e-government services, and finally others for been responsible for controlling the usage of personal data in that kind of activities. 2

3 Project activities Project activities are structured in 5 components: Component 1: Management and Coordination Under the responsibility of the Data Protection Agency of the Community of Madrid, its main goal is promoting the development of all activities and deliverables of the project within scheduled time, cost and quality. Main results include follow-up reports every six months and a final report on the achievements of the project. Component 2: Assessment on e-government and data protection in European regions and cities This component pursues the development of an assessment report on e-government and Data Protection in European Regions and Cities, including case studies of partner regions and cities, fostering the gathering of scientific knowledge and regions/cities expertise on data protection and e-government. Its leader is the University King Juan Carlos. Project activities Component 3: Identification of best practices This component aims at the Identification of particularly innovative practices on data protection and e-government in Europe, by selecting those already implemented by partner (or other European) regions and cities. Leading partner for this component is the City of Bologna. Component 4: Development of publishing materials As one of the main purposes of the project is not only to identify but also to spread best practices, one key element of its activities is the development of accurate publishing materials which may be used to support the communication of the project results. This includes the building of the project web site (best practices observatory, and project book of the project translated to English, partner languages (Estonian, Greek, Italian, and Spanish) and other languages, among others initiatives. The leading partner for this component is the Data Protection Agency of the Community of Madrid. Component 5: Communicating project results Its goal is spreading and communicating results, through a virtual community, the distribution of publications and project materials, and the celebration of events, searching to raise the awareness on data protection among partner and other European regions and cities. This component is leaded by the Association of Local Authorities of the Municipality of Kavalas. 3

4 Assessment on Data Protection and e-government in European Regions and Cities e-prodat has produced an assessment report on Data Protection and e-government in European Regions and Cities (full text available at Its main objectives are: Assessment on Data Protection and e-government in European Regions and Cities To assess how prepared European administrations are to take full advantage of e- government and e-participation services. To assess how much European administrations are currently benefiting from e-government and e-participation services. To assess data protection in European administrations as far as e-government and e- participation services are concerned. The methodology of the report stems from that used by the United Nations, complemented by our interest in data protection. Specifically, we have built indexes to measure e-government readiness (based on a measure of telecom infrastructure, education and governmental web services), e-participation services and data protection. Simple statistical analyses have aided us to extract relevant information. For data availability reasons, the study has been undertaken at a European level, at a partner level and, finally, at a regional level within Spain, Portugal and Italy. Data has been obtained from several sources including United Nations reports, various databases from EUROSTAT and the Spanish, Italian and Portuguese statistical offices, together with a survey conducted among partners. Main results of the assessment are: There is considerable heterogeneity within Europe, both at national and regional levels as far as telecom infrastructure, e-gov web services and e-participation are concerned. There is much more homogeneity as far as education is concerned within Europe. There is heterogeneity as far as data protection within e-government is concerned within Europe. Rankings and clusters of countries (and regions) suggest several best practices as far as data protection in e-government are concerned. Finally, here are the report's policy conclusions: In consonance with the i2010 plan, numerous countries and regions should further invest in their telecommunications infrastructure. 4

5 Similarly, a considerable effort should be made to promote e-government and e-participation services. Several good examples have been identified. So as to not reinvent the wheel, a common e-government and e-participation platform could be developed at an European level. A great deal of effort is required in several countries and regions to acceptably support e-government and e-participation services. Identification of best practices on Data Protection and e-government It is not in the scope of the project to provide a closed list of best practices on data protection and e-government in Europe. Instead, e-prodat partners have worked together to identify an open set of practices that can be useful as examples of the kind of experiences to be fostered. Constraints related both to the available resources and the national environments closer to e-prodat partner institutions should be taken into consideration when assessing the results. Therefore, identified best practices have to be considered as an initial contribution to the key service developed in e-prodat, which is the implementation of an "European observatory of best practices on e-government and Data Protection" open to the continuous improvement both of the quality and of the quantity of useful information on this subject, including particularly the proposal of new candidate best practices by European public bodies, Data Protection Authorities or experts, and the evaluation and dissemination of these through the website Practitioner Austrian Government and Data Protection Commission City/ Region Country DP Values Vienna Austria Austrian Citizen Card System: A data protection compatible system for secure electronic communication between citizens and government (e-business portals, electronic administration of justice, e-voting, e-learning portals). Allows separate personal electronic identification for different public service sectors. Identification of best practices on Data Protection and e-government RedIris (Spain) Madrid Spain Electronic management of data subject's consent for publishing personal data ("Iris User Private Attribute"). Rediris (public communication network for Research Centres) has defined LDAP attribute "iris User Private Attribute" to allow data subjects to deny partial or total access to their personal directory information (i.e. mobile phone number, home postal address, etc.). 5

6 Practitioner City/ Region Country DP Values Identification of best practices on Data Protection and e-government Zurich Airport (Swiss) - Privacy friendly biometrical identification University of Granada (Spain) Agenzia Entrate - Income and Taxes Agency University of Aegean (Greece) Government of the Province of Quebec (Canada) 1 Zurich Switzerland To use data biometric for registering and boarding passengers in the Zurich Airport while adopting specific measures to enforce passengers' privacy, such as decentralized data storage and storing inside the smart cards used for this purpose only temporarily. Granada Spain Privacy enabled web based teaching support system (SWAD). Efficient method for teachers to publish electronically and for students to check personal qualifications through the Internet in a private way. Rome Italy Different fiscal services on line -payment of taxes -forms -certificates. Greece Aegean-Net settles unique distributed Information and Telecommunication infrastructures for the university of Aegean. Among others, university of Aegean provides physical access as well as access to several e-services via smart cards and PKI. Quebec Canada Limited broadcasting of personal information on the Internet. When publishing personal information by Government bodies on the Internet, restrict its searchability by Internet Search Engines by using the "norobots" command or other methods. This is included in Quebec's "Law on the legal frame of the technology. The County Government of Harju County (Estonia) Estonia The biggest e-government service provider in Harju county. City of Prato Prato Italy E-id-card -Tax payments on line -Digital certificates. Health Services Agency of Trento Trento Italy Different services on line -booking on line appointment with a specialist - certificates Information on website privacy policy. 1 Obviously this is not a European experience, but nevertheless we have decided to include it considering its interest. 6

7 Practitioner City/ Region Country DP Values National University of Ireland (Maynooth) Maynooth (Co. Kildare) Ireland Electronic support for exercising data subjects' rights. Several procedures and guidelines aimed at data subjects, concerning right of access related to the institution's data files, including guidance and electronic form to do so. L université d Orléans Orléans France E-campus services. Electronic services for students to check personal qualifications, to reach books en elibrary, and other private services for the student life; through in a private way and a student number. Ministry of Economy & Finance General Secretariat for Information Systems (Greece) Ministry for Investment, Industry & Information Technology (MALTA) Greece Malta e-vehicles - secure electronic communication between citizens and government for vehicle registration. Electronic services over the Internet with the ability for the citizens to track the progress on their requests online. The services can also be offered to citizens over the mobile technology (SMS). Best practices observatory Best practices' observatory The website of the "European observatory of best practices on e-government and Data Protection" ( is intended to provide easy access to relevant best practices information, and to allow DP Experts and public officials responsible for the provision of e-government services suggest new contents and comment on the existing ones. 7

8 The main page is intended to provide some of the more relevant contents of the website, including two of the most significant or newer best practices included in it, together with latest news and documents. Best practices observatory Main channels are as follows: Best practices: including a list and details of best practices identified so far, together with the selection criteria and procedure used, and an invitation to suggest new practices to be considered through an online questionnaire. News & Events: shows e-prodat's press releases and other news concerning best practices, together with seminars or conferences devoted to this subject. Papers: Lists relevant documents such as the e-prodat report on Data Protection and e-government in European Regions and Cities and others. e-prodat: Provides general information on the European project e-prodat: its purpose, activities, partnership and results. About us / Contact us: General explanation on the purpose and management of the website and multipurpose contact address. 8

9 Online services include a mailing list - allowing all interested persons to receive information on the posting of new best practices, documents, news, events, etc... - and an online questionnaire to suggest new practices. Concerning the management procedures of the observatory, main responsibilities defined include those of the web editor, the technical manager and the editorial board. The latter defines website publishing standards and procedures, and assesses its performance and contents. Until the end of the works of the project (January 2007), the membership of the editorial board matches that of the steering committee of e-prodat, while from that moment on other Data Protection Authorities and DP experts are invited to participate. The procedure followed in order to select data protection and e-government related practices for their publishing includes the following steps: Candidate "best practices" can be posted to the website or suggested by any e-prodat partner, following the questionnaire prepared for that purpose. Best practices observatory The web editor will send the information concerning any new "candidate best practice" to all members of the Editorial board, including particularly Data Protection Authorities which are e-prodat partners. Should the opinions of the Editorial board be positive, the web editor will prepare a pdf document regarding the new "candidate best practice", which will be clearly marked with the word "PROVISIONAL" and the date, and will be published at 9

10 After a period of a maximum of three months, the web editor will collect all comments received from readers of and submit them to the Editorial board, together with a proposal either to change its status from "PROVISIONAL" to definitive, or to remove it from the website. Communication and marketing activities Should the opinions of the Editorial board be positive, the web editor will make the necessary changes to the corresponding pdf document, including the removal of the word "PROVISIONAL", and it will be published at Communication and marketing activities Some of the communication actions performed are: A project logo was prepared in the very beginning of the project, and approved at the first steering committee meeting held in Madrid in February e-prodat press releases are systematically distributed to all partners, for their translation into national languages and distribution to local and regional media, and to possibly interested third parties including European Data Protection Authorities and others. They're also published at the project's website e-prodat team has developed a set of different materials, including a project book, this executive summary, brochures, etc... together with the website and a project CD including not only the final deliverables (Assessment on e-government and Data Protection in European Regions and Cities, List of Best Practices, etc...) but also the intermediate products (component plans, powerpoint presentations used in steering committee meetings or others, quality and audit plan, minutes of meetings of the steering committee, financial papers, questionnaires and methodologies used, etc...). A short TV and radio announcement produced and broadcasted by Regione Abruzzo. Participation in many seminars and international events. 10

11 How to participate in e-prodat All public bodies in the European Union are invited to participate in the project. The scope of this participation may obey to different approaches: Sharing your best practices on data protection and e-government: should your public institution consider that one of its procedures or services may be considered a best practice on this subject, please let us know! For that purpose, an online questionnaire has been made available at (Channel "Best practices > Suggest new practices"). The questionnaire has been designed to help public bodies identify what is particularly interesting regarding personal data protection in their e-government experiences. Practitioners may contact us also at eprodat@madrid.org. Assessing your current situation on data protection and e-government. For that purpose, you may use the methodology and questionnaire originally prepared to develop the e-prodat report on Data Protection and e-government in European Regions and Cities, which is available at (Channel "Papers"). I you accomplish this task, we would like to hear about your results. Please contact us at eprodat@madrid.org. Implementing in your organization one or many best practices suggested by e-prodat. We appreciate also your feedback on this subject (once again, at eprodat@madrid.org), which may help other practitioners to improve their implementation experiences. Data Protection Authorities and experts are also invited to participate in the project, by: How to participate in e-prodat Their incorporation to the Editorial Board of the "European observatory of best practices on e-government and Data Protection", which defines publishing standards and procedures, and assesses its performance and contents (specifically, has the final decision on whether a "candidate best practice" will be finally considered to be published at the website). Suggesting new best practices they may be aware of. We strongly appreciate the know-how of Data Protection Authorities and DP experts in order to make sure both that identified practices are in fact "best of breed" and that all European Countries are properly represented. Both ways of participation can be proposed at eprodat@madrid.org. 11

12