Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/

Guernsey, Wednesday 11 th April,2007 1

Paula Ortiz LópezSpanish Data Protection Agency



“Everyone has the right to recognition everywhere as a person before the law”

Art. 6 Universal Declaration of Human Rights

Therefore, personal identity is the right of all citizens and Governments must establish the suitable mechanisms to facilitate this right to its citizens.

The concept of personal identity takes on still greater value in the current Information Society.

National Electronic Identity Card (DNI-e)



The National Identity Card (DNI) in Spain Since 1944 provides unequivocal accreditation of the identity of its holder.

It is required in the great majority of relationships between citizens, and between citizens and public and private institutions.

Identifying document in 97% of all processing

Its use is pervasive in every sphere throughout the entire country, and is compulsory for the issue of other documents, such as :

Passport, driving license, social security number, tax identification number (NIF), etc.

Ministry of the Interior




From the DNI to the e-DNIFrom the DNI to the e-DNI

Digital identification

A key tool in the development of the Information Society and legal, economic, etc. relations via the Net.

Generalised medium able to incorporate digital identity.

Legitimation of the DNI (Article 6 Data Protection Law) Law 1/1992, of 21st of February, on Protection on Citizens Safety Act 59/2003, on the Electronic Signature Regulation 1553/2005 digital signature




The difference between a traditional identity card (DNI) and electronic identity card (DNI-e) is that the former is used to accredit one’s identity to third parties, but it is not able to sign for the specific person. On the other hand, the DNI-e, in addition to identity to third parties, also provides electronic accreditation, and it is able to provide remote witness of our presence and may sign on our behalf, if the appropriate code is provided.




ARTICLE 29 WP Working Document on E-Government, of 8th May 2003 (WP 73)

Main concerns / Situation in SpainMain concerns / Situation in Spain

1. Determination of the nature of the data registered on the card2. Determination of the procedures of data processing,3. Determination of the organisations allowed to have access to the

various categories of information,4. 4. Respect of the individuals’ rightsRespect of the individuals’ rights

5. Determination of the administrations entitled to decide of the nature ofthe data registered in the electronic identity card,

6. Potential use of the electronic identity card for commercial purposes7.Security measures applied.

8. Centralised storage of health and biometric data, such as fingerprints.



Regulations

e-Government and electronic identification

Directive1995/46/EC on Data Protection

Directive 1999/93/EC on Electronic Signatures

Directive 2000/31/EC on Electronic Commerce

Directive1995/46/EC on Data Protection

Directive 1999/93/EC on Electronic Signatures

Directive 2000/31/EC on Electronic Commerce

Law 30/1992 on Administrative Procedure

Organic Law 15/1999 on Data Protection

Law 34/2002 on the Information Society

Law 59/2003 on Electronic Signature

Law 30/1992 on Administrative Procedure

Organic Law 15/1999 on Data Protection

Law 34/2002 on the Information Society

Law 59/2003 on Electronic Signature

RD 263/96: Use of, electronic, computing and telematic techniques

Law 24/2001: Telematic Logs, Acknowledgement of Receipt, Notaries Public and Registrars

RD 209/2003: Telematic logs and notifications. Certificates.

Law 7/2003 on the New Limited Liability Company

RD 1553/2005, issue of electronic DNI

Order INT/738/2006, of 13 of March. Declaration of practices and policies of certification of the Department of the Interior

RD 263/96: Use of, electronic, computing and telematic techniques

Law 24/2001: Telematic Logs, Acknowledgement of Receipt, Notaries Public and Registrars

RD 209/2003: Telematic logs and notifications. Certificates.

Law 7/2003 on the New Limited Liability Company

RD 1553/2005, issue of electronic DNI

Order INT/738/2006, of 13 of March. Declaration of practices and policies of certification of the Department of the Interior



Objectives of the e-DNIObjectives of the e-DNI Accredit the identity and the personal data of its holder, as well as the Spanish

nationality. To certify the identity of the citizen not only in the physical world, but also on

online transactions, allowing signing all type of electronic documents. Using a safe device of signature, the electronic signature that takes place by means of the electronic DNI will have effects equivalent to those of a written by hand signature

To emit the e-DNI in a single administrative act, reducing therefore the time used for its obtaining

Interoperability with the European projects of digital identification To foment the confidence in the electronic transactions. Acceptance on the part of all the Public Administrations and Organizations of tie

or dependent Public Right of the same ones of the use of the electronic DNI.




Electronic Signature

System of accreditation that allows the verification of the identity of people with the same value that the hand written signature, authenticating the communications generated by the signer.

Law 59/2003 defines digital signature in its article 3.1 as “The electronic signature is the set of data in electronic form, briefed next to others or associated with them, that can be used like means of identification of the signer”

The Law distinguishes between advanced electronic signature (identifies the signer and detects future changes) and recognized electronic signature (same value as hand written signature)




Electronic Signature System

Registration Authority: DNI Issuing Offices (National Police Department)

Registry of data and personal identity accreditation Certification Authority: Ministry of the Interior. National Police

DepartmentIssuance of electronic certificates

Validation Authority: Various entitiesInformation on the validity of the certificates.

Data Controller processing all the information: National Police Department




Characteristics of the e-DNICharacteristics of the e-DNI

Smart card: physical card + chip• Digital certificatesDigital certificates of authentication and electronic signature

• Private area (DNI Holder)Certificate of signaturePrivate keys

• Public area (Unrestricted)Certificate of authenticationPublic keys

• Restricted Area (Verification by Law Enforcement Bodies) Biometrical data




The front of the card includes the following items:The front of the card includes the following items:

1. In the central body of the card: • Family Name• Name • Second Family Name• Sex • Nacionality• Date of birth• Serial Number of the phisical support of the card• Expiration date • Validity date

2. At the lower left corner • Number of the National Identity Card







The back of the card contains the following data 1. In the top of the card:

Place of birth Region- Country Parent´s names Residence Town of residence Province- country of residence Number of the e-DNI issuing office

2. OCR-B Information printed for automated reading of the citizen’s identity as per ICAO standards for travel documents







The e-DNI does not contain any information related to personal or any other type of data (health, tax,

traffic, etc.)




The chip contains (Read electronically)

Filiation data of the holder (Restricted Area) Digitalized picture (Restricted Area) Digitalized signature (Restricted Area) Finger print (Restricted Area) Authentification Certificate (Public Area) Signature Certificate (Public Area) Private keys for the activation of the aforesaid certificates (Private Area)




Calendar, project planning

• March-2006. Issue of e-DNI’s commences at a pilot office in Burgos

• 2008: generalised use of e-DNI

• DNI: is it becoming a different document?

Principle of PurposeAdditional data on the e-DNI chip (points on licenses....)




e-AEPD

Participation of the Spanish Data Protection Agency e-government:Providing information on the legal regulations established for e-government

e-DNI:Participation on the Coordination Committee, the Technical Committee acting as support for the Committee created by the Council of Ministers Resolution of 23rd December 2004

Promoting the provision of e-government services from the Agency itself (NOTA project)



[email protected]

Thank you

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Documents

national identity card

traditional identity

digital identity

ones identity

respecting privacy

global networks guernsey

dni article

edni digital identification