Final Statement

5 February 2018 |by pozargrz | Comments Off on Final Statement | 2016

EFPE 2016 FINAL STATEMENT ON NEW EUROPEAN UNION TRUST SERVICES IMPLEMENTATION

The European Forum on Electronic Signature is the largest international conference in Europe gathering of community professionals related to security, electronic trust services and electronic identification. This year, 16th edition of EFPE with the leading topic being “Electronic identification and trust services (eIDAS) – advantages of a single, cross-border digital market”, was held on 9-10 June 2016 in Szczecin (Poland).

EFPE 2016 was attended by over 130 participants from 21 countries. Among them were representatives of European Commission, ETSI, large institutions using trust services (including government offices and agencies), producers of software and/or hardware solutions and trust service providers related to electronic signature and electronic identification.

In addition to lectures, presentations and practical workshops, the special role have played discussions and polemics that have been conducted during two round tables with participation of representatives of government and business. These two round tables were focused on the following topics:

  1. Trust services and e-identification – accessibility or security? How to keep the right balance, having in mind the benefits for the end-user;
  2. Paperless Country – how will the eIDAS Regulation help us move to a paperless world?

The entry into force of eIDAS Regulation implies a new legal order in the area of trust services, which raises the need to adapt the national law of the Member States to the new conditions. This adaptation applies to those areas where eIDAS Regulation simply requires appropriate regulations in national law (e.g. an indication of the supervisory authority), or those ones where eIDAS Regulation is applied in an incomplete way, or for which the regulation leaves a discretion to the national legal systems. The solutions to be adopted in national legal regulations should undoubtedly have a positive impact on the transparency and consistency of the legal system and should also become more readable for the recipient.

This is particularly important in the context of the main message of eIDAS Regulation, i.e. removing existing barriers to the cross-border use of electronic identification and trust services for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the European Union.

The above is the reason why this year’s conference comes at a time when eIDAS Regulation issues will be the focused on the problems of a single, cross-border digital market. These problems were discussed by many conference participants and are presented below in the form of recommendations addressed to citizens, businesses and public authorities.

  • The conference participants pointed out that identification of users based on foreign eID is a severe challenge, regardless of the fact that the identity/identification is authenticated by use of an eID according to eIDAS, because:
    • even when both countries use national identifiers for their residents, identifiers cannot necessarily be (legally) used cross-border nor be reliably mapped between countries.
    • access to eGov services may require a specific, national identification that foreigners may not possess, and that cannot be derived from the identification provided.
    • there is a clear risk of establishing multiple identities for one person based on inconsistent identification, causing risks related to e.g. fraud.

    The above challenges can be solved by Member States countries if the governments decide to put priority on this.

  • During the conference it was indicated that it is important to identify not only many challenges in implementing eIDAS in certain EU Member States, but also to evaluate what is the impact of eIDAS outside the EU. This is important practical problem because the cross-border public services are low on the agenda (e.g. eGov strategies and the like) of governments.
  • The conference participants also stated that eIDAS Regulation ensures the conditions for European Trust Service market, so e-Signature stakeholders are called to do their part by assuring cross-country interoperability, proposing solutions easy for everyone and strongly integrated into digital processes/workflows. European bodies, especially European Commission, ETSI, CEN and ENISA, should support the deployment of these services in Europe.
  • China is now the European Union’s second trading partner behind the United States and the EU is China’s biggest trading partner. Hence, the conference participants are convinced that China licensed trust service providers and European qualified trust service providers should work together to provide trade contract eSign services for Europe and China traders, to save delivery cost and save time.
  • The participants got acquainted with the information on the experience of Kazakhstan in terms of building a public key infrastructure, and have taken note that the exchange of information between Kazakhstan and other countries can be implemented on the basis of the trusted third party services provided in Kazakhstan in accordance with the applicable law.
  • As a result of the discussion on the work carried out within the framework of the creation, operation and development of the Trans-boundary Trust Environment in various international fora (UNESCAP, UNCITRAL, UNCEFACT, EAEU and others) based on respect for the principle of digital sovereignty of all the participating states, the Conference participants noted the expediency of solutions elaborated in those international organizations as well as in the EU. Moreover, the harmonisation of regulations in normative acts, technical and organizational solutions applied by those international fora on the one hand, and in the EU in the part of creating trust service market on the other hand, should facilitate the development of interaction between the EU and the other international associations markets. Cooperation between authorized organisations and experts involved in these works is a necessary condition to achieve a positive result.
  • A qualified eSeal perfectly fulfills the Pareto-Principle: one can achieve 80% of the benefits of a qualified eSignature with only 20% of the effort. The eSeal based on eIDAS Regulation and CEN/ETSI-Standards is the ‘fast-forward’ to digitalization of eServices and the EU Digital Market with the potential of 500 million independent, self-determined users.
  • The conference participants pointed to the need for the cooperation between EU and non-member states of EU:
    • to facilitate cooperation on issues of legal and technical regulation in the field of electronic signatures and other trust services, and on issues of implementing the eIDAS Regulation, as well;
    • to conclude an international treaties on mutual recognition of third countries certificates and European certificates used in the provision of legally significant electronic services in the interaction among the various states;
    • to give technical assistance for the best understanding of notification procedures of electronic identification schemes according the new legislation base of Europe.
  • The market is very interested in the trust services and theirs implementation. At EFPE 2016 some companies announced theirs new solutions strongly oriented to Trust Services through a modern approach (based on server or mobile devices) to online e-signature and its validation, citizen’s strong authentication, authorization and identification.
  • Public administration that intends to provide trust services to the public should do it on the base of equal and competitive rules with commercial subjects. The conference participants reiterate the belief expressed many times in last years’ conferences that the public administration should increasingly rely on commercial solutions offered by service providers operating on the digital market.

This final document has been prepared by international experts and participants (among others by Jon Ølnes, Arno Fiedler, Sławomir Górniak, Sergey Kiryushkin, Yurii Kozlov, Alla Kryzhanovska, Jerzy Pejaś, Marco Scognamiglio, Assel Seifullina, Murat Seisenov, Artur Skrzeczanowski, Richard Wang) during the EFPE 2016. This document has been translated into English, Polish and Russian and presented for acceptance by participants of the conference. We kindly ask policy makers and lawmakers to consider this modest contribution to the European discussion in their future efforts.

 

D.Sc. Eng. Jerzy Pejaś
Chairman of EFPE 2016 Program Committee
West Pomeranian University of Technology in Szczecin
Poland

KEEP READING

Speakers

31 January 2018 |by pozargrz | Comments Off on Speakers | 2016 KEEP READING

Gallery

31 January 2018 |by pozargrz | Comments Off on Gallery | 2016 KEEP READING

Summation

31 January 2018 |by pozargrz | Comments Off on Summation | 2016

Identification and trust services (eIDAS) – benefits from a single, cross-border digital market

The aim of this year’s conference is to support the development of the digital single market by creating appropriate conditions conducive to mutual cross-border recognition of major activators, such as electronic identification, electronic documents, electronic signatures and electronic delivery services, and appropriate conditions conducive to the interoperability of eGovernment services throughout the European Union.

Conference topics:

  • EU Regulation on electronic identification and trust services (eIDAS) – new legal conditions on the European market. Impact of the eIDAS regulation on the international trust services market
  • Trust services in Poland, Europe and the world – review and exchange of experience
  • Accreditation and supervision of trusted electronic services in Europe and in the world
  • New standards and standards as a tool for the practical implementation of security and trust services
  • Authentication and identification in the world of mobile devices
  • Technologies of cross-border trust services
  • An overview of practical solutions in line with the eIDAS regulation
  • Tools of modern European e-administration – experience and perspectives
  • Trust services in modern health care systems and electronic circulation of medical records
  • Mobility and interoperability of trusted electronic services
  • Trusted electronic services in SaaS (Cloud) and stand alone – competition or cooperation?
  • Practical use of trust services in business – security, savings and efficiency on Case Study examples
  • Authentication and identification services in the cloud – interoperability, security, universality
  • Internet of Things (IoT) – solutions and technologies allowing for authentication and secure communication
  • What problems do the eIDAS regulations solve? Presentation of examples from Poland
KEEP READING

Dear User

The Controller of your personal data is Asseco Data Systems S.A. seated in Gdynia, ul. Podolska 21, 81-321 Gdynia, KRS No: 0000421310.

You can contact us:

  • by post (traditional mail), writing to the address indicated above;
  • by e-mail at: kontakt@assecods.pl;
  • by phone: +48 22 52 58 601.

Data Protection Officer

We have appointed a Data Protection Officer whom you can contact:

  • by post (traditional mail), writing to the address: Asseco Data Systems S.A., Biuro w Łodzi (Łódź Office), ul. Narutowicza 136, 90-146 Łódź,
  • by e-mail at: IOD@assecods.pl,
  • by phone: +48 42 675 63 60.

Objectives and legal basis of the processing

We will process your personal data to:

  • send marketing information by means of electronic communication and automation programs pursuant to the Act of July 18, 2002 on the provision of services by electronic means and in connection with Article 172(1) of the Act of July 16, 2004 on Telecommunications Law pursuant to Article 6(1)(a) of the Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as well as repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L. of 2016 No. 119, page 1)).

Data retention period

Your personal data will be stored until you withdraw your consent to receive marketing information.

Recipients of personal data.

In accordance with applicable data protection laws, we provide your personal data:

  • In accordance with applicable data protection laws, we provide your personal data:
  • to our subcontractors or other persons or entities acting on our behalf with whom we will cooperate during the performance of the agreement,
  • to entities to whom we will contract data processing services, IT service providers,
  • to the relevant public authorities to the extent that we are obliged to make your data available to them.

Your rights in relation to the processing of personal data

You have the following rights related to the processing of personal data:

  • the right to object to the processing of your data,
  • the right to access your personal data,
  • the right to request the correction of your personal data,
  • the right to request the deletion of your personal data,
  • the right to request a restriction on the processing of your personal data.

All of the above rights can be exercised by submitting a request to https://www.daneosobowe.assecods.pl or by writing to the Data Protection Officer’s e-mail address: IOD@assecods.pl

Right to lodge a complaint

You have the right to lodge a complaint with the President of the Office for Personal Data Protection (to the address: Stawki 2, 00-193 Warsaw), if you think that the processing of your personal data concerning you violates the provisions of the Regulation.

Transfers of personal data to third countries

Your personal data will be stored on servers located in the European Union; however, in connection with Asseco Data Systems S.A.‘s use of cloud solutions provided by Microsoft, they may be transferred — on the basis of standard data protection clauses — to a third country. Microsoft’s standard contractual clauses in line with the templates approved by the European Commission are available at the following address: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

Requirement to provide personal data

The provision of your data is voluntary, but it is necessary for us to send information, including marketing information, by electronic means of communication.

Automatic data processing and profiling

Your data will be processed automatically, including in the form of profiling. Automated decision making will be carried out on the basis of processing of personal data provided when completing the form and data concerning activity in the Services and activity connected with our e-mail communication with you, the consequence of such processing will be to match marketing information concerning our products and services which may be of interest to you.

Privacy Police