One of the central objectives of the DE4A project is to ensure that the once-only principle can be piloted in full compliance with the EU’s legal requirements. The main regulatory framework for the project is the Single Digital Gateway Regulation (SDGR). The SDGR defines the obligations of the Member States and of any public administrations who seek to exchange information under the once-only principle, and stipulates the rights of citizens and businesses.
Complying with these requirements seems simple on the surface. The principal provision in the SDGR (article 14) is only just over a page in length, and mainly focuses on defining simple and intuitive safeguards. It states that no information can in principle be exchanged between administrations except at the request of a user, and that the user must be allowed to preview the information before deciding whether to permit the exchange. Data protection rules must be observed, and use of the once-only principle is voluntary for the user – if they don’t want it, they have the right not to use it. Compliance seems simple enough.
But the devil, as always, is in the details. When should the preview occur, and who is responsible? What happens when information must be collected in multiple coun