respecting privacy in global networks/ guernsey, wednesday 11 th april,2007 1 paula ortiz lópez...
TRANSCRIPT
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 1
Paula Ortiz LópezSpanish Data Protection Agency
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 2
“Everyone has the right to recognition everywhere as a person before the law”
Art. 6 Universal Declaration of Human Rights
Therefore, personal identity is the right of all citizens and Governments must establish the suitable mechanisms to facilitate this right to its citizens.
The concept of personal identity takes on still greater value in the current Information Society.
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 3
The National Identity Card (DNI) in Spain Since 1944 provides unequivocal accreditation of the identity of its holder.
It is required in the great majority of relationships between citizens, and between citizens and public and private institutions.
Identifying document in 97% of all processing
Its use is pervasive in every sphere throughout the entire country, and is compulsory for the issue of other documents, such as :
Passport, driving license, social security number, tax identification number (NIF), etc.
Ministry of the Interior
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 4
From the DNI to the e-DNIFrom the DNI to the e-DNI
Digital identification
A key tool in the development of the Information Society and legal, economic, etc. relations via the Net.
Generalised medium able to incorporate digital identity.
Legitimation of the DNI (Article 6 Data Protection Law) Law 1/1992, of 21st of February, on Protection on Citizens Safety Act 59/2003, on the Electronic Signature Regulation 1553/2005 digital signature
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 5
The difference between a traditional identity card (DNI) and electronic identity card (DNI-e) is that the former is used to accredit one’s identity to third parties, but it is not able to sign for the specific person. On the other hand, the DNI-e, in addition to identity to third parties, also provides electronic accreditation, and it is able to provide remote witness of our presence and may sign on our behalf, if the appropriate code is provided.
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 6
ARTICLE 29 WP Working Document on E-Government, of 8th May 2003 (WP 73)
Main concerns / Situation in SpainMain concerns / Situation in Spain
1. Determination of the nature of the data registered on the card2. Determination of the procedures of data processing,3. Determination of the organisations allowed to have access to the
various categories of information,4. 4. Respect of the individuals’ rightsRespect of the individuals’ rights
5. Determination of the administrations entitled to decide of the nature ofthe data registered in the electronic identity card,
6. Potential use of the electronic identity card for commercial purposes7.Security measures applied.
8. Centralised storage of health and biometric data, such as fingerprints.
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 7
Regulations
e-Government and electronic identification
Directive1995/46/EC on Data Protection
Directive 1999/93/EC on Electronic Signatures
Directive 2000/31/EC on Electronic Commerce
Directive1995/46/EC on Data Protection
Directive 1999/93/EC on Electronic Signatures
Directive 2000/31/EC on Electronic Commerce
Law 30/1992 on Administrative Procedure
Organic Law 15/1999 on Data Protection
Law 34/2002 on the Information Society
Law 59/2003 on Electronic Signature
Law 30/1992 on Administrative Procedure
Organic Law 15/1999 on Data Protection
Law 34/2002 on the Information Society
Law 59/2003 on Electronic Signature
RD 263/96: Use of, electronic, computing and telematic techniques
Law 24/2001: Telematic Logs, Acknowledgement of Receipt, Notaries Public and Registrars
RD 209/2003: Telematic logs and notifications. Certificates.
Law 7/2003 on the New Limited Liability Company
RD 1553/2005, issue of electronic DNI
Order INT/738/2006, of 13 of March. Declaration of practices and policies of certification of the Department of the Interior
RD 263/96: Use of, electronic, computing and telematic techniques
Law 24/2001: Telematic Logs, Acknowledgement of Receipt, Notaries Public and Registrars
RD 209/2003: Telematic logs and notifications. Certificates.
Law 7/2003 on the New Limited Liability Company
RD 1553/2005, issue of electronic DNI
Order INT/738/2006, of 13 of March. Declaration of practices and policies of certification of the Department of the Interior
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 8
Objectives of the e-DNIObjectives of the e-DNI Accredit the identity and the personal data of its holder, as well as the Spanish
nationality. To certify the identity of the citizen not only in the physical world, but also on
online transactions, allowing signing all type of electronic documents. Using a safe device of signature, the electronic signature that takes place by means of the electronic DNI will have effects equivalent to those of a written by hand signature
To emit the e-DNI in a single administrative act, reducing therefore the time used for its obtaining
Interoperability with the European projects of digital identification To foment the confidence in the electronic transactions. Acceptance on the part of all the Public Administrations and Organizations of tie
or dependent Public Right of the same ones of the use of the electronic DNI.
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 9
Electronic Signature
System of accreditation that allows the verification of the identity of people with the same value that the hand written signature, authenticating the communications generated by the signer.
Law 59/2003 defines digital signature in its article 3.1 as “The electronic signature is the set of data in electronic form, briefed next to others or associated with them, that can be used like means of identification of the signer”
The Law distinguishes between advanced electronic signature (identifies the signer and detects future changes) and recognized electronic signature (same value as hand written signature)
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 10
Electronic Signature System
Registration Authority: DNI Issuing Offices (National Police Department)
Registry of data and personal identity accreditation Certification Authority: Ministry of the Interior. National Police
DepartmentIssuance of electronic certificates
Validation Authority: Various entitiesInformation on the validity of the certificates.
Data Controller processing all the information: National Police Department
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 11
Characteristics of the e-DNICharacteristics of the e-DNI
Smart card: physical card + chip• Digital certificatesDigital certificates of authentication and electronic signature
• Private area (DNI Holder)Certificate of signaturePrivate keys
• Public area (Unrestricted)Certificate of authenticationPublic keys
• Restricted Area (Verification by Law Enforcement Bodies) Biometrical data
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 12
The front of the card includes the following items:The front of the card includes the following items:
1. In the central body of the card: • Family Name• Name • Second Family Name• Sex • Nacionality• Date of birth• Serial Number of the phisical support of the card• Expiration date • Validity date
2. At the lower left corner • Number of the National Identity Card
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 13
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 14
The back of the card contains the following data 1. In the top of the card:
Place of birth Region- Country Parent´s names Residence Town of residence Province- country of residence Number of the e-DNI issuing office
2. OCR-B Information printed for automated reading of the citizen’s identity as per ICAO standards for travel documents
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 15
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 16
The e-DNI does not contain any information related to personal or any other type of data (health, tax,
traffic, etc.)
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 17
The chip contains (Read electronically)
Filiation data of the holder (Restricted Area) Digitalized picture (Restricted Area) Digitalized signature (Restricted Area) Finger print (Restricted Area) Authentification Certificate (Public Area) Signature Certificate (Public Area) Private keys for the activation of the aforesaid certificates (Private Area)
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 18
Calendar, project planning
• March-2006. Issue of e-DNI’s commences at a pilot office in Burgos
• 2008: generalised use of e-DNI
• DNI: is it becoming a different document?
Principle of PurposeAdditional data on the e-DNI chip (points on licenses....)
National Electronic Identity Card (DNI-e)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 19
e-AEPD
Participation of the Spanish Data Protection Agency e-government:Providing information on the legal regulations established for e-government
e-DNI:Participation on the Coordination Committee, the Technical Committee acting as support for the Committee created by the Council of Ministers Resolution of 23rd December 2004
Promoting the provision of e-government services from the Agency itself (NOTA project)
Respecting Privacy in Global Networks/
Guernsey, Wednesday 11 th April,2007 20
Thank you