Presentation is loading. Please wait.

Presentation is loading. Please wait.

Legal aspects of eID Dr Patrick Van Eecke Attorney at law (DLA Piper Rudnick Gray Cary) Lecturer (University of London & Solvay Business School)

Similar presentations


Presentation on theme: "Legal aspects of eID Dr Patrick Van Eecke Attorney at law (DLA Piper Rudnick Gray Cary) Lecturer (University of London & Solvay Business School)"— Presentation transcript:

1 Legal aspects of eID Dr Patrick Van Eecke Attorney at law (DLA Piper Rudnick Gray Cary) Lecturer (University of London & Solvay Business School)

2

3

4 Authentication Signature ID

5 Use of eID Traditional: off line use of visual data New: on line use of electronic data Online identification (web portal) Electronic Signature New: off line use of electronic data Off line identification Off line electronic signature

6 eID: good to know 1.Phased roll out of the cards 2.Valid for maximum 5 years 3.Signature function not activated for minors 4.Authentication and signature data not activated if you don’t want it 5.Specific professional groups able to receive eID 6.24/7 helpdesk in case of lost, theft, destruction of the card suspension/withdrawal of electronic functions

7 Two important legal issues What happens with the personal data? What can I do with those electronic signatures?

8 Personal data 5 typical questions 1.Who can visually control the ID? 2.Who can control the eID using electronic means? 3.Who can use the NRR number? 4.Who can receive information from the NRR? 5.Who can directly access the NRR?

9 Legal basis 1.Data Protection Act Act of 8 December 1992 (amended by act of 11 December 1998) on the protection of personal data Royal Decree of 13 February 2001 2.National Register Act Act of 8 August 1983 (amended by act of 25 March 2003) 3.National Identity Card Act Act of 19 July 1991 (amended by act of 25 March 2003) 4.Royal Decree of 5 June 2004 on acces & correction rights

10 Which kind of personal data collected? De visu & Chip 1° de naam; 2° de twee eerste voornamen; 3° de eerste letter van de derde voornaam; 4° de nationaliteit; 5° de geboorteplaats- en datum; 6° het geslacht; 7° de plaats van afgifte van de kaart; 8° de begin- en einddatum van geldigheid van de kaart; 9° de benaming en het nummer van de kaart; 10° de foto van de houder; 11° de handtekening van de houder en van de gemeentelijke ambtenaar 12° het identificatienummer van het Rijksregister. Chip 1° de identiteits- en handtekeningsleutels; 2° de identiteits- en handtekeningcertificaten; 3° de geaccrediteerde certificatiedienstverlener; 4° de informatie nodig voor de authentificatie van de kaart en voor de beveiliging van de elektronisch leesbare gegevens voorkomend op de kaart en voor het gebruik van de bijhorende gekwalificeerde certificaten; 5° de andere vermeldingen, opgelegd door de wetten; 6° de hoofdverblijfplaats van de houder.  See Article 6 & 6bis, RRN Act.

11 Who has access to the personal data? Visual control of the card Only obliged to show the card in restricted cases (Legal authorities) Art. 1 Royal Decree 25 March 2003 on ID cards Electronic control of the card Strictly regulated : only by Royal Decree See Article 6, §4, ID card Act Acces to the National Register Database (direct/indirect) Strictly regulated (5 groups, clearance by Privacy Commission) See Article 5 RRN Act

12 1. Who can control the eID visually? Only when obliged by law to provide proof of identity: 1.When requested by the legal authorities 2.With every declaration or demand for official certificate 3.Delivery of summons by baillif (“huissier de justice”) 4.in general, always when requested to deliver proof of identity Art. 1 K.B. 25 maart 2003 identiteitskaart

13 2. Who can control the eID using electronic means? Strictly regulated: only when allowed by Royal Decree Act 19 July 1991 Identiteitskaart, art. 6, §4: “Elke geautomatiseerde controle van de identiteitskaart door optische of andere leesprocédés moet het voorwerp uitmaken van een koninklijk besluit, na advies van het sectoraal comité van het Rijksregister bedoeld in artikel 15 van de wet van 8 augustus 1983 tot regeling van een Rijksregister van de natuurlijke personen.”

14 3. Wie can use the RRN number? Strictly regulated: 1.Only after authorisation by Sectoral Committee (Privacy Commission) and only for specific groups (cfr art.5). 2.Exceptions possible by Royal decree Act 8 August 1983 Rijksregister, art. 8

15 Which groups? 1.Belgian public authorities 2.Public and private entities (Belgium) as to the information they need for fulfilling a task of general interest 3.Fysical and legal person acting as a subcontractor of Belgian public authority 4.Notary public and baillif 5.Pharmacists 6.Lawyers

16 4. Who can access the RRN? Strictly regulated: 1.Only after authorisation by Sectoral Committee (Privacy Commission) and only for specific groups (cfr art.5). 2.NO exceptions possible by Royal decree Act 8 August 1983 Rijksregister, art. 5

17 Examples 1.Chamber of Representatives Access to NRR Decision March 2004: conditions fulfilled voorwaarden vervuld 2.V.Z.W. Koninklijke Nationale Kaatsclub Use of number for members database Decision April 2004: no general interest 3.VZW Nederlandstalige Vrouwenraad Women becoming 100 yrs Decision 4 October 2004: no general interest

18 What are my rights as a citizen? 1.Access right to the personal data in the database & on the card (via visualisator, online or via municipality) 2.Correction right If information is not correct or incomplete 3.Information right All administrations/persons who accessed the personal data during the last 6 months (exc: legal authorities) Free of charge  See Article 6, ID card Act + Royal Decree 5 june 2004

19 Data protection Act Formalities Towards goverment: notification Towards data subject: information Activities Processing: adequate, proportionate,... Security: technical/organisational ( state of the art ) Specific rules Export of personal data: outside the EU only if same level of legal protection Sensitive data: medical data, religious, legal data,... When applicable? 1.Personal data (name, adress, phone numer,...) 2.Process (collect, calculate,...) 3.Electronic OR manual (if logically filed) FormalitiesActivities

20 Electronic signature What is an electronic signature? What is the legal value of an electronic signature? Are electronic contracts allowed?

21 Legal basis E-SIGN Act Act of 20 October 2000 on the introduction of telecommunication means and the use of electronic signatures CSP Act Act of 9 July 2001 to create a legal framework for the usage of electronic signatures and certification services National Register Act Act of 19 July 1991(as amended by act of 25 March 2003)

22 What is an electronic signature? From a legal perspective: every alternative for a handwritten signature PIN codes Biometrics PKI … 1100110001110011

23 What is the legal value? All electronic signatures can be used as an alternative for a handwritten signature, as long as you can prove that the electronic signature corresponds to a transformation of data from which follows with certainty the identity of the author and the integrity of the contents to be signed (art. 1322 CC) The ‘qualified electronic signature’ is the only type of signature that will automatically be given the same legal value as a handwritten signature (art.4, §5 Law 9 July 2001). A qualified signature is an advanced electronic signature based on a qualified certificate and produced by a secure signature creation device.

24 Europe European directive 99/93 on electronic signatures of 13 December 1999. Transposed into all EU member states = European wide legal approach towards electronic signatures Other countries?

25 Electronic contracting allowed? E-Commerce Act of 11 March 2003 Art. 16. § 1er. Toute exigence légale ou réglementaire de forme relative au processus contractuel est réputée satisfaite à l’égard d’un contrat par voie électronique lorsque les qualités fonctionnelles de cette exigence sont préservées [….]. Art. 16. § 1. Aan elke wettelijke of reglementaire vormvereiste voor de totstandkoming van contracten langs elektronische weg is voldaan wanneer de functionele kwaliteiten van deze vereiste zijn gevrijwaard […..].

26 Double strategy: Functional equivalency principle (writing, signature) + Analysis and amendment of contradictory laws and regulations within 18 months Exceptions (e.g. real estate, family law)

27 Conclusion eID does not operate in a legal vacuum eID offers solution on different levels e-government, e-commerce, corporate governance Belgium plays a pioneering role on eID

28 More information Website www.fedict.be “Gids voor de gebruikers en ontwikkelaars” “De elektronische identiteitskaart” Website www.rijksregiser.fgov.be Book P. Van Eecke, “De Handtekening in het recht”, Larcier, 2004, see www.larcier.be

29 Receive your eID legal package, send me an e-mail Patrick Van Eecke +32 (0)2 500.16.30 patrick.van.eecke@dlapiper.com


Download ppt "Legal aspects of eID Dr Patrick Van Eecke Attorney at law (DLA Piper Rudnick Gray Cary) Lecturer (University of London & Solvay Business School)"

Similar presentations


Ads by Google