The Eötvös Károly Institute strives to improve and strengthen the citizens political culture based on the spirit of solidarity.
The data protection requisites of electronic identification
Conducted on behalf of the National Development Agency between July and September 2007, this study aims at assessing the data protection aspects of various plans, concepts, and feasibility studies pertaining to the informatization of public administration in Hungary, particularly as regards models of electronic client identification and the means of handling personal data that they imply. As further objectives, the study proposes to gauge the data protection risks of specific plans and concepts, and to recommend ways for the removal of these risks. Additionally, the study endeavors to provide decision makers and developers with a universally valid set of criteria toward enforcing data protection principles, constitutional requirements, and applicable law, as early as in the phase of planning for the provision of electronic government services.
Essentially interdisciplinary in nature, our approach places the emphasis on issues of data protection, augmented by considerations of the aspects of public administration theory, system organization, social science, and information technology. We have made it a point to go beyond merely offering a catalogue of data protection problems as obstacles to implementing the proposals under review. Instead, we seek to recommend specific solutions readily put into practice in the process of the development and future operation of data systems that will pass the test of privacy protection while keeping in view the professional and business interests of developers, as well as the perspectives of efficient public administration, government objectives, and information technology itself. Furthermore, we have made a conscious effort to present fair data protection principles as a positive target worth pursuing, rather than as marginal conditions capable of placing restrictions on the internal logic of information technology and public administration. Therefore, we also provide some suggestions of a more general nature in order to offer theoretical guidance for future upgrades and decisions, and to bring into view criteria and methods of planning that will ensure the ongoing representation of the spirit of data protection when it comes to fashioning and operating systems capable of exerting a long-term influence on Hungarian public administration and the relation between citizens and various service providers, public or private.
The study focuses on methods of identifying individuals, particularly by electronic means, and the exchange of personal data of identified and identifiable individuals between various data controllers. We wish to stress, however, that not one single identifier, method of identification, or type of identification card should be regarded as an isolated element, but much rather as an integral part of an entire data processing system. Keeping this in mind, in our study we frequently take into consideration a broader data processing environment while examining client identification methods and the interoperability of various databases.
The original Hungarian version of the study can be downloaded from our site.