Summation

Summation

31 January 2018 | EFPE | 2010

Electronic Forum on Electronic Signature 2010 Summary

On 9 – 11 June 2010 in Amber Baltic Hotel in Międzyzdroje took place the 10th edition of the European Forum on Electronic Signature – EFPE 2010, under the honorary patronage of the Minister of Economy, the European Committee for Standardization (CEN), the Polish Committee for Standardization (PKN) and the Polish Bank Association.
This Europe’s largest annual international conference on electronic signature and PKI was attended by 110 participants from 16 countries in Europe and Asia: Belarus, Belgium, Czech Republic, Germany, Hungary, Italy, Kazakhstan, Lithuania, Moldova, Netherlands, Russia, Spain, Switzerland, Ukraine, United Kingdom (together 51 participants from abroad) and Poland. Attendees represented certification authorities from different countries, software and hardware solutions suppliers, the European Commission, as well as national public administration representatives including the Polish Ministry of Economic, Ministry of Justice and Ministry of Interior and Administration.
The tenth, jubilee edition of EFPE became an occasion to summarize the activities related to electronic signatures and PKI issues since the past 10 years. The conference also allowed to estimate development of practical applications of e-signature and e-identification in Poland, in the European Union, as well as in Russia and other countries.
The main topic of the conference was “European plan on e-signature and e-identity”. A special emphasis in the conference agenda additionally to lectures, presentations and practical workshops was paid to discussions and polemics conducted during two roundtables with participation of representatives of government and business experts, namely:
Electronic signature, interoperability and general electronic services. Are we finally witnessing the beginning of a breakthrough on the European scale?” oraz Electronic identification of a citizen in public services systems – are local solutions leading to isolation or are we going to achieve cross border information exchange?”
As every year, there was an open exchange of views between the participants of the conference in the field of implemented concepts, technologies and solutions. In particular special attention was paid to interoperability problems and cross-border solutions designed for the use within a single country, the European Union, the CIS (Commonwealth of Independent States) and in the wider international scale. Representatives of EU countries agreed with the thesis that in recent years there has been clear progress in creating a legal framework for effective use of electronic communication in business and administration. Attention was also paid to the role of the new electronic signatures services, such as cross-border electronic signature verification or certificates attributes infrastructure.
However mostly discussed issues were related to the risks and barriers blocking the development of information society. Very high emotions aroused presentations and speeches about the need to harmonize acts in different countries with the directives and other EU regulations. As resulting from many speeches related to abovementioned harmonization many countries will have to face problems in adjusting legal systems, unfortunately including Poland. It has been also confirmed by the lively discussion on the draft of the new Polish act on electronic signatures and the draft of act on identity cards. Discussion participants pointed out preferred in our country local solutions of “insular” character which even could be seen as isolation in relation to the European Union.
Strongly discussed was also the necessity of a comprehensive approach in the field of legislative changes. Legal acts should not be created without not having estimated their impact on other regulations, and without the possibility of practical implementation of these laws.
Conference participants repeatedly remarked that according to the European Commission Decision of 16.10.2009 on the recognition of electronic signatures, basic and universally recognizable form of a legally binding signature should be the electronic signature based on a qualified certificate. Precisely in order to implement this idea there has been recently created the EU List of Lists, containing a list of qualified certification authorities operating in different EU countries (TSL lists).
EFPE 2010 Conclusions and recommendations
As a result of numerous discussions the main threats and demands have been identified, that as a final summary were made by a commission in the form of nine EFPE 2010 conference conclusions. Meeting those conclusions, according to the vast majority of the conference participants, should lead to the achievement of interoperability and cross-border exchange of electronic signatures and documents, and thus ensure the successful implementation of the European development plan for electronic signature and electronic identity, therefore:
Coordination of state e-government services, e-Goverment in each country should be conducted at the central level to avoid single departments solutions and lack of interoperability across the entire government.
Each implementation related to electronic communications should apply technology solutions which ensure certain level of security adequate to the identified level of risk. If a transaction requires the signature of the individual person an electronic signature, based on a qualified certificate should be used. This will ensure cooperation between different systems within the particular country and internationally.
Acts and regulations on electronic signatures and electronic documents should not contain detailed technical requirements, but should only refer to the norms and standards. In case of Poland the legitimacy of the inclusion of Polish Committee for Standardization in the legislative work relating to technical requirements has been submitted.
The level of confidence of certification services and other services related to electronic signatures, such as time stamping, verification of electronic signatures and issuing certificates of attributes should be clearly defined, so that the users of these services could be aware of their reliability. For entities providing services with the highest level of reliability similar criteria could be applied, as in the case of entities issuing qualified certificates.

Legal regulations and implementing projects are mainly aimed at solving the problems of public administration, and are not taking strong enough the requirements and expectations of business and individual users or consumers in the field of availability, scope and quality of electronic services into the account.
If we want to ensure electronic document cross-border exchange between the European Union (EU) and other countries special attention should be paid to the decisions of the Commonwealth of Independent States (CIS) on the common customs territory of Russia, Kazakhstan and Belarus, where the role of a trusted Third Party of certification services was indentified, in order to solve the problems related to the interoperability of systems operating in different countries.
There is a strong need for closer cooperation between the relevant committees of the EU and Russia as well as organizations representing the interests of other countries interested in creating legal and technical framework, that will allow to achieve the cooperation in exchanging electronic documents between all countries. It would be beneficial if the representatives participated in the meetings of working groups developing the legal and technical framework of e-documents and e-signature. It is required in order to achieve the possibility of electronic exchange between the UE and the countries of the CIS.
European Union countries creating national system of electronic documents, e-identity should comply with the standards and directives on electronic signatures and e-identification of the citizen in order to achieve interoperability of national systems in various EU countries, and above all, in order to avoid e-inclusion of citizens from different countries in terms of electronic document exchange within the Union.
EU countries should notify all drafts of acts concerning the use of electronic signatures and electronic identity as well as identification in order not to block by the Union the already adopted regulations in the particular countries, which have not undergone prior notification. This case had already happened in the past.
Międzyzdroje, Poland 11.06.2010

Dear User

The Controller of your personal data is Asseco Data Systems S.A. seated in Gdynia, ul. Podolska 21, 81-321 Gdynia, KRS No: 0000421310.

You can contact us:

  • by post (traditional mail), writing to the address indicated above;
  • by e-mail at: kontakt@assecods.pl;
  • by phone: +48 22 52 58 601.

Data Protection Officer

We have appointed a Data Protection Officer whom you can contact:

  • by post (traditional mail), writing to the address: Asseco Data Systems S.A., Biuro w Łodzi (Łódź Office), ul. Narutowicza 136, 90-146 Łódź,
  • by e-mail at: IOD@assecods.pl,
  • by phone: +48 42 675 63 60.

Objectives and legal basis of the processing

We will process your personal data to:

  • send marketing information by means of electronic communication and automation programs pursuant to the Act of July 18, 2002 on the provision of services by electronic means and in connection with Article 172(1) of the Act of July 16, 2004 on Telecommunications Law pursuant to Article 6(1)(a) of the Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as well as repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L. of 2016 No. 119, page 1)).

Data retention period

Your personal data will be stored until you withdraw your consent to receive marketing information.

Recipients of personal data.

In accordance with applicable data protection laws, we provide your personal data:

  • In accordance with applicable data protection laws, we provide your personal data:
  • to our subcontractors or other persons or entities acting on our behalf with whom we will cooperate during the performance of the agreement,
  • to entities to whom we will contract data processing services, IT service providers,
  • to the relevant public authorities to the extent that we are obliged to make your data available to them.

Your rights in relation to the processing of personal data

You have the following rights related to the processing of personal data:

  • the right to object to the processing of your data,
  • the right to access your personal data,
  • the right to request the correction of your personal data,
  • the right to request the deletion of your personal data,
  • the right to request a restriction on the processing of your personal data.

All of the above rights can be exercised by submitting a request to https://www.daneosobowe.assecods.pl or by writing to the Data Protection Officer’s e-mail address: IOD@assecods.pl

Right to lodge a complaint

You have the right to lodge a complaint with the President of the Office for Personal Data Protection (to the address: Stawki 2, 00-193 Warsaw), if you think that the processing of your personal data concerning you violates the provisions of the Regulation.

Transfers of personal data to third countries

Your personal data will be stored on servers located in the European Union; however, in connection with Asseco Data Systems S.A.‘s use of cloud solutions provided by Microsoft, they may be transferred — on the basis of standard data protection clauses — to a third country. Microsoft’s standard contractual clauses in line with the templates approved by the European Commission are available at the following address: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

Requirement to provide personal data

The provision of your data is voluntary, but it is necessary for us to send information, including marketing information, by electronic means of communication.

Automatic data processing and profiling

Your data will be processed automatically, including in the form of profiling. Automated decision making will be carried out on the basis of processing of personal data provided when completing the form and data concerning activity in the Services and activity connected with our e-mail communication with you, the consequence of such processing will be to match marketing information concerning our products and services which may be of interest to you.

Privacy Police