EPAN – eGovernment working group eEurope eGovernment subgroup Meeting : 11-13 May 2005 Centre Culturel de Rencontre - Abbaye de Neumünster The Single identification number, data sharing and data protection issues A disparity of solutions for balancing conflicting interests with suitable safeguards The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

The study reflects a great variety of legal rules, practical solutions and ongoing discussions in the different countries Some member states do not have SINs (Greece, Hungary, Portugal, UK) Several only use specific SINs for different sectors of public administration (Austria, Germany, Ireland, …) In others a central identity management is applied with a global SIN used in most public registers (Belgium, Lithuania, Luxembourg, Malta, Sweden) SINs can either be stored in a central data base, in various registers and/or on an electronic ID card (Austria) The extent of exchange and sharing of personal data by different public services varies from one Member State to the other Use by private persons / bodies can be foreseen or more or less tolerated The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

A request from modern public administrations in the Information Society across the European Union Trends : Increased data needs and data flows in a globalised world Public registers have become huge electronic data bases of growing complexity (evolution of the population, migrations, differences in civil and family status according to origins ) Identity verification is crucial to ensure accurate data, combat fraud,… Growing need for cross-sector information (identity, related data, data processed by other units of public administration) Increased expectations from the citizens regarding administrative simplification and modern public service (online information, forms & transactions (e-governement), electronic ID cards …) Growing pressure from private bodies and business to access public information and to use SINs The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

Privacy and data protection concerns call for restrictions SIN coding may reveal personal information (birthday, gender, nationality, origin, marital status) SINs encourages to set-up interrelations between data processed by different public services & administrations and combined databases Use of SINs may progressively exceed the legal provisions. Citizens may be requested to state their SIN by persons (public / private bodies) not entitled to use it and nor to access the underlying personal data Confidentiality of personal data may be threatened, personal life and privacy be subject to hidden or unlawful intrusions The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

History of Single Identification Numbers and privacy debate Origin in Scandinavian countries since the sixties (Sweden 1947, Iceland 1953, Finland 60ies, Denmark 1968, … ) A ongoing public debate since the late 70ies Germany 1978 (Volkszählungsurteil) France 1978 (SAFARI project) Greece 1986 (EKAM project) Portugal 1977 (article 35 of the Constitution) In many countries the origin of data protection coincided with plans for a single identifier on a national scale and for the establishment of central registers; In others the debate around the conflicting interests of an efficient public service and privacy protection reappears episodically The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

Article 8 : “Right to respect for private and family life European Convention for the protection of Human Rights and Fundamental Freedoms (Rome, 4. XI 1950) Article 8 : “Right to respect for private and family life Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.” The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

Common legal principles derived from European law According to the European data protection directive 95/46/EC of October 24th, 1995, the introduction of SINs has to be provided for by law Any personal data may only be processed fairly and lawfully, for a specified and legitimate purpose and in a transparent way SIN is a personal information SIN is the key to multiple other (sometimes sensitive) personal data contained in the filing systems of public administrations which use them for identification The data controller has to ensure: that the processed data are adequate, relevant and not excessive in relation to the purpose for which they are collected that the processed data are accurate and, where necessary, kept up to date that they are stored in a form which permits identification for no longer than necessary with regard to the purpose for which they have been collected that no further use is made in an incompatible way with the original purpose The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

SINs: a special category of personal data Directive 95/46/EC of the European Parliament and the Council of October 24th , 1995 : Article 8 foresees special restrictions and conditions for the processing of sensitive data and data related to criminal offences and convictions Paragraph 7 of the same Article 8 states also that: “Member States shall determine the conditions under which a national identification number … may be processed.” Suitable safeguards are to be provided for by law Disparity in national solutions is the result of an incomplete harmonization taking in account national differences The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

Harmonization of Data Protection ≠ Uniformity of legal systems Legal restrictions to the use of SINs are a requirement of European law National laws are to define rules in order to protect confidentiality of all personal data and databases linked to a SIN and to protect the citizens privacy against illegitimate intrusion National laws have to define the right balance of conflicting interests Define suitable safeguards: Examples: Restrictions in access, communication and use of SINs Control of the system and advice by a supervisory authority sectorial SINs and decentralised data storage – no linkage limited data sharing defined by law and / or requiring the consent of data subjects The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

Your questions ? Your contribution ? Questions & Remarks The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

Commission Nationale pour la Protection des Données Contact Address Commission Nationale pour la Protection des Données Gérard Lommel (President) Edouard Delosch & Pierre Weimerskirch (permanent membres) 68, rue de Luxembourg L-4100 Esch-sur-Alzette Telephone: 26 10 60 - 1 Fax : 26 10 60 - 29 E-Mail: info@cnpd.lu Web site: www.cnpd.lu The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”

The single identification number, data sharing and data protection issues: CNPD Presentation “A disparity of solutions for balancing conflicting interests with suitable safeguards”