Final Statement 2017

Conference EFPE 2020 > Archiwum > 2017 > Final Statement 2017

Final Statement 2017

5 February 2018 | EFPE | 2017

FINAL DECLARATION OF THE 17TH CONFERENCE

The European Electronic Signature and Trust Services Forum (EFPE 2017) is one of the largest international conferences devoted to the matters of trust services. This year on 6-7 June, the city of Szczecin was the host to the 17th edition of the conference, the main theme of which was “Digital Identification and Mobile e-Services – Security and Accessibility”. This year’s edition of the EFPE 2017 was attended by more than 130 participants from 16 countries of Europe, Asia and the Americas, namely: Azerbaijan, Belgium, Czech Republic, France, Spain, Costa Rica, Luxemburg, Moldova, Poland, Russia, Slovakia, United States of America, Ukraine, Uruguay, Great Britain and Italy. There were representatives of numerous prominent institutions, i.a. the European Commission, ETSI, the Polish Ministry of Digitalization, large institutions using trust services (including banks, government offices and agencies), manufacturers of software, equipment and providers of trust services connected with electronic signature and electronic identification.

In addition to the lectures and presentations, a special role during the conference was played by the discussions conducted in a substantive manner during the three discussion panels with the participation of representatives of business, administration and higher education sectors. The following topics were covered during the discussion panels:

  1. What will the e-identity and trust service market model look like in Poland and Europe – key success factors;
  2. How the financial sector perceives the opportunities, threats, and potential of e-ID and trust services.
  3. The commercial potential of the eID and trust services market

This year’s conference has shown that trust services and electronic identification are becoming the tool for executing business objectives for entities from various sectors that have previously had neither the possibilities nor the knowledge that would allow them to take full advantage of their potential. The discussions held during the conference focused on the use of the means of electronic identification, electronic signature, and future delivery services in international exchange, in the public administration sector and in the commercial sector in parallel, with particular focus on the financial sector. As the one that is best prepared for the development of trust services, the financial sector is, in fact, the first stage of implementing the commonly used trust services.

An important provision is the aspect of the interaction of commercial tools in the digital structure of e-administration. Public administration, often emphasizing the development of its own services, such as the Trusted Profile in Poland, is not always able to recognize the benefits coming from synergy with other tools, which, in addition to the elementary functions, provide the users with the comfort of using added content, for instance, insurance, cross-bordering or universality of use.

The aspect that deserves distinction is undoubtedly the fact that public administration in most EU countries has already adopted their information systems to the use of trust services provided in accordance with the standards established by the regulations of eIDAS, which, among others, indicate the need to stop using the cryptographic hash function of SHA-1. It is important because these systems should seamlessly handle e-signatures, electronic stamps and time stamps after the introduced statutory changes, in order to ensure a higher level of security as well as an interoperability and crossbordering of the exchange of documents. In the countries where the pace of implementation of changes and requirements of the eIDAS regulation in public administration is insufficient, it is recommended that a close cooperation of the administration with commercial entities and academic centers is established, which will undoubtedly translate into an increased pace of implementation of changes. At the same time it should be noted that the trust services market is developing at a dynamic pace, meeting the requirements of both the individual countries and the international legislation. The entities operating on the market of trust services see its great potential which is additionally stimulated by the regulations introduced by the PSD2 directive (on payment services) and the RODO regulation (on personal data protection).

Currently, in the area of e-deliveries, it can be seen that there is no functional counterpart to crossborder nodes; however, the construction of such a structure does not necessarily have to be based on the solutions used in the eID areas. The essence of the problem should be sought in the ambiguous vision of the European Commission and the standardization organization concerning the integration of e-deliveries mechanisms in the structure of the European Union.

In the scope of the electronic stamp, in spite of the eIDAS regulations and the services being developed, it should be considered to send a joint message to the representative of public administration for the creation of a unified legislative solution suited to the electronic stamp solutions. Until the relevant regulations are introduced, the market of e-services should react dynamically, and the effects of using the electronic stamp at the level of the Member States can be determined at the level of the domain regulations and individual systems (e.g. registers that could issue electronically stamped declarations). However, to facilitate the rotation of documents with the electronic stamp at an international level, regulations would be needed to make it easier for the party accepting the document to evaluate its actual legal effect.

There is an upward trend in the availability of remote signature services in the global market, including in the European Union. It should be noted, at the same time, that there are legislation and standardization works being developed on the clarification of the guidelines that will become a determinant of the standardization of these services.

During the EFPE 2017 conference, the participants noted that the eID market, in global terms, was in the early stages of development. The eID report that was presented at the conference undoubtedly implies that the construction and development of a coherent system for electronic identification will provide measurable benefits for both the public administration, citizens and the commercial sector, planning the actions directly connected with the digital transformation. It is also necessary to develop catalysts for changes that may contribute to the success of the digital public administration. Making recommendations for the solutions of e-identity in the EU is one of the tasks of the European Commission.

Now is the time to broaden the market’s interest in the benefits of electronic identification services in connection with trust services, which will undoubtedly develop strongly in the coming years. The Participants and the organizers agreed that the EFPE conference is of great significance for spreading practical knowledge, and next year’s edition of this conference should specifically address the needs of new beneficiaries of electronic identification and trust services. Also, a greater cooperation between the public and the private sectors is expected. The effect of the synergy that is possible to achieve should contribute to the dissemination of the broadly defined electronic communication, at the same time making it fully cross-border.

This final document was prepared by international experts and participants during EFPE 2017 in English, Polish and Russian. We ask that politicians and legislators, in their future actions, consider this small contribution of the EFPE in the European and international discussion.

Dear User

The Controller of your personal data is Asseco Data Systems S.A. seated in Gdynia, ul. Podolska 21, 81-321 Gdynia, KRS No: 0000421310.

You can contact us:

  • by post (traditional mail), writing to the address indicated above;
  • by e-mail at: kontakt@assecods.pl;
  • by phone: +48 22 52 58 601.

Data Protection Officer

We have appointed a Data Protection Officer whom you can contact:

  • by post (traditional mail), writing to the address: Asseco Data Systems S.A., Biuro w Łodzi (Łódź Office), ul. Narutowicza 136, 90-146 Łódź,
  • by e-mail at: IOD@assecods.pl,
  • by phone: +48 42 675 63 60.

Objectives and legal basis of the processing

We will process your personal data to:

  • send marketing information by means of electronic communication and automation programs pursuant to the Act of July 18, 2002 on the provision of services by electronic means and in connection with Article 172(1) of the Act of July 16, 2004 on Telecommunications Law pursuant to Article 6(1)(a) of the Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as well as repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L. of 2016 No. 119, page 1)).

Data retention period

Your personal data will be stored until you withdraw your consent to receive marketing information.

Recipients of personal data.

In accordance with applicable data protection laws, we provide your personal data:

  • In accordance with applicable data protection laws, we provide your personal data:
  • to our subcontractors or other persons or entities acting on our behalf with whom we will cooperate during the performance of the agreement,
  • to entities to whom we will contract data processing services, IT service providers,
  • to the relevant public authorities to the extent that we are obliged to make your data available to them.

Your rights in relation to the processing of personal data

You have the following rights related to the processing of personal data:

  • the right to object to the processing of your data,
  • the right to access your personal data,
  • the right to request the correction of your personal data,
  • the right to request the deletion of your personal data,
  • the right to request a restriction on the processing of your personal data.

All of the above rights can be exercised by submitting a request to https://www.daneosobowe.assecods.pl or by writing to the Data Protection Officer’s e-mail address: IOD@assecods.pl

Right to lodge a complaint

You have the right to lodge a complaint with the President of the Office for Personal Data Protection (to the address: Stawki 2, 00-193 Warsaw), if you think that the processing of your personal data concerning you violates the provisions of the Regulation.

Transfers of personal data to third countries

Your personal data will be stored on servers located in the European Union; however, in connection with Asseco Data Systems S.A.‘s use of cloud solutions provided by Microsoft, they may be transferred — on the basis of standard data protection clauses — to a third country. Microsoft’s standard contractual clauses in line with the templates approved by the European Commission are available at the following address: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

Requirement to provide personal data

The provision of your data is voluntary, but it is necessary for us to send information, including marketing information, by electronic means of communication.

Automatic data processing and profiling

Your data will be processed automatically, including in the form of profiling. Automated decision making will be carried out on the basis of processing of personal data provided when completing the form and data concerning activity in the Services and activity connected with our e-mail communication with you, the consequence of such processing will be to match marketing information concerning our products and services which may be of interest to you.

Privacy Police