Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, “Everyone has the right to recognition everywhere as a person before the law ” Art. 6 Universal Declaration of Human Rights  Therefore, personal identity is the right of all citizens and Governments must establish the suitable mechanisms to facilitate this right to its citizens.  The concept of personal identity takes on still greater value in the current Information Society. National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, The National Identity Card (DNI) in Spain  Since 1944 provides unequivocal accreditation of the identity of its holder.  It is required in the great majority of relationships between citizens, and between citizens and public and private institutions.  Identifying document in 97% of all processing  Its use is pervasive in every sphere throughout the entire country, and is compulsory for the issue of other documents, such as :  Passport, driving license, social security number, tax identification number (NIF), etc.  Ministry of the Interior National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, From the DNI to the e-DNI  Digital identification A key tool in the development of the Information Society and legal, economic, etc. relations via the Net.  Generalised medium able to incorporate digital identity.  Legitimation of the DNI (Article 6 Data Protection Law)  Law 1/1992, of 21st of February, on Protection on Citizens Safety  Act 59/2003, on the Electronic Signature  Regulation 1553/2005 digital signature National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, The difference between a traditional identity card (DNI) and electronic identity card (DNI-e) is that the former is used to accredit one’s identity to third parties, but it is not able to sign for the specific person. On the other hand, the DNI-e, in addition to identity to third parties, also provides electronic accreditation, and it is able to provide remote witness of our presence and may sign on our behalf, if the appropriate code is provided. National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, ARTICLE 29 WP Working Document on E-Government, of 8th May 2003 (WP 73) Main concerns / Situation in Spain 1. Determination of the nature of the data registered on the card 2. Determination of the procedures of data processing, 3. Determination of the organisations allowed to have access to the various categories of information, 4. Respect of the individuals’ rights 5. Determination of the administrations entitled to decide of the nature of the data registered in the electronic identity card, 6. Potential use of the electronic identity card for commercial purposes 7.Security measures applied. 8. Centralised storage of health and biometric data, such as fingerprints.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Regulations e-Government and electronic identification  Directive1995/46/EC on Data Protection  Directive 1999/93/EC on Electronic Signatures  Directive 2000/31/EC on Electronic Commerce  Law 30/1992 on Administrative Procedure  Organic Law 15/1999 on Data Protection  Law 34/2002 on the Information Society  Law 59/2003 on Electronic Signature  RD 263/96: Use of, electronic, computing and telematic techniques  Law 24/2001: Telematic Logs, Acknowledgement of Receipt, Notaries Public and Registrars  RD 209/2003: Telematic logs and notifications. Certificates.  Law 7/2003 on the New Limited Liability Company  RD 1553/2005, issue of electronic DNI  Order INT/738/2006, of 13 of March. Declaration of practices and policies of certification of the Department of the Interior

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Objectives of the e-DNI  Accredit the identity and the personal data of its holder, as well as the Spanish nationality.  To certify the identity of the citizen not only in the physical world, but also on online transactions, allowing signing all type of electronic documents. Using a safe device of signature, the electronic signature that takes place by means of the electronic DNI will have effects equivalent to those of a written by hand signature  To emit the e-DNI in a single administrative act, reducing therefore the time used for its obtaining  Interoperability with the European projects of digital identification  To foment the confidence in the electronic transactions.  Acceptance on the part of all the Public Administrations and Organizations of tie or dependent Public Right of the same ones of the use of the electronic DNI. National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Electronic Signature  System of accreditation that allows the verification of the identity of people with the same value that the hand written signature, authenticating the communications generated by the signer.  Law 59/2003 defines digital signature in its article 3.1 as “ The electronic signature is the set of data in electronic form, briefed next to others or associated with them, that can be used like means of identification of the signer”  The Law distinguishes between advanced electronic signature (identifies the signer and detects future changes) and recognized electronic signature (same value as hand written signature) National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Electronic Signature System  Registration Authority: DNI Issuing Offices (National Police Department) Registry of data and personal identity accreditation  Certification Authority: Ministry of the Interior. National Police Department Issuance of electronic certificates  Validation Authority: Various entities Information on the validity of the certificates. Data Controller processing all the information: National Police Department National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Characteristics of the e-DNI Smart card: physical card + chip Digital certificates Digital certificates of authentication and electronic signature Private area (DNI Holder) Certificate of signature Private keys Public area (Unrestricted) Certificate of authentication Public keys Restricted Area (Verification by Law Enforcement Bodies) Biometrical data National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,  The front of the card includes the following items: 1. In the central body of the card: Family Name Name Second Family Name Sex Nacionality Date of birth Serial Number of the phisical support of the card Expiration date Validity date 2. At the lower left corner Number of the National Identity Card National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,  The back of the card contains the following data 1. In the top of the card:  Place of birth  Region- Country  Parent´s names  Residence  Town of residence  Province- country of residence  Number of the e-DNI issuing office 2. OCR-B Information printed for automated reading of the citizen’s identity as per ICAO standards for travel documents National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,  The e-DNI does not contain any information related to personal or any other type of data (health, tax, traffic, etc.) National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,  The chip contains ( Read electronically )  Filiation data of the holder (Restricted Area)  Digitalized picture (Restricted Area)  Digitalized signature (Restricted Area)  Finger print (Restricted Area)  Authentification Certificate (Public Area)  Signature Certificate (Public Area)  Private keys for the activation of the aforesaid certificates (Private Area) National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Calendar, project planning March Issue of e-DNI’s commences at a pilot office in Burgos 2008: generalised use of e-DNI DNI: is it becoming a different document? Principle of Purpose Additional data on the e-DNI chip (points on licenses....) National Electronic Identity Card (DNI-e)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, e-AEPD Participation of the Spanish Data Protection Agency  e-government: Providing information on the legal regulations established for e-government  e-DNI: Participation on the Coordination Committee, the Technical Committee acting as support for the Committee created by the Council of Ministers Resolution of 23 rd December 2004  Promoting the provision of e-government services from the Agency itself (NOTA project)

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Thank you