One of the central objectives of the DE4A project is to ensure that the once-only principle can be piloted in full compliance with the EU’s legal requirements. The main regulatory framework for the project is the Single Digital Gateway Regulation (SDGR). The SDGR defines the obligations of the Member States and of any public administrations who seek to exchange information under the once-only principle, and stipulates the rights of citizens and businesses.
Complying with these requirements seems simple on the surface. The principal provision in the SDGR (article 14) is only just over a page in length, and mainly focuses on defining simple and intuitive safeguards. It states that no information can in principle be exchanged between administrations except at the request of a user, and that the user must be allowed to preview the information before deciding whether to permit the exchange. Data protection rules must be observed, and use of the once-only principle is voluntary for the user – if they don’t want it, they have the right not to use it. Compliance seems simple enough.
But the devil, as always, is in the details. When should the preview occur, and who is responsible? What happens when information must be collected in multiple countries? How do you comply with data protection laws when the information may contain data on third parties who don’t even know that their data is being exchanged?
In order to be successful, Member States need to take the same position on all of these topics. For that reason, DE4A has a specific work package dedicated to consensus building
on legal topics. Through a series of iteratively developed white papers, the legal team in DE4A tries to get everyone on the same page, keeping in mind the triple objective of piloting the SDGR, seeking an optimal application of the once-only principle, and building world class e-government services in Europe. The final outcomes will be bundled in a deliverable which will be published over the summer.