OOP in Luxembourg

 

Abstract

The OOP (Once Only Principle) is a milestone specified in the new EIF, according to which “as far as possible, under the legislation in force, users should be able to provide data once only, and administrations should be able to retrieve and share this data to serve the user, in accordance with data protection rules. Users should be asked to provide only the information that is absolutely necessary to obtain a given public service.”

The Grand-Duchy of Luxembourg has implemented the OOP as efficiently as possible by making it a component of the Guichet.lu One Stop Shop, which is simultaneously a repository of 1500 descriptions of administrative procedures for citizens and businesses and of 170 interactive online procedures accessible via the MyGuichet.lu platform.

MyGuichet.lu allows users to carry out administrative procedures online in a safe and secure manner by using a strong authentication and signature mechanism, i.e. an eID product (national ID card, smartcard, signing stick, token, etc.) using a LuxTrust* certificate or any other eIDAS compliant certificate (as of September 2018). The user can complete the procedure online, sign it electronically, attach any necessary supporting documents, and submit it to the administrative department concerned via MyGuichet.lu.

* Luxtrust is a Luxemburgish authentication and eSignature service provider, recognised as a trust service provider (TSP) by ILNAS (the Luxembourg public standards service). This attests LuxTrust’s expertise and strict compliance with the most stringent European security norms and standards. LuxTrust is owned by the State and the main commercial banks of the country, including the ones managed through public funds.

EIF and interoperability matching

The EIF recommendations concerning the OOP have been implemented by the Luxembourgish government in such a manner that, apart from certain exceptions (i.e. fiscal secrecy), the authentic data already contained in the National Register of Natural Persons is used by public administrations. By default, these administrations therefore do not need to ask citizens’ explicit permission to use that data, and citizens do not need to provide evidence that the data in the register is correct (Law of June 25, 2013, Art. 4)

This represents a significant gain of efficiency for citizens, businesses and public administrations. Of course, the need to respect the protection of personal data and privacy remains a primary concern, so technical solutions that ensure that users keep control over their personal data (explicit consent, tracking access ...) have been implemented.

Policy context

The Government Council approved, in the context of the “Digital Luxembourg” initiatives, five principles for the implementation of an efficient digital administration on July 24, 2015.

“Digital Luxembourg” aims to provide a common framework for the numerous public and private initiatives that make up the country’s digital economy and society by introducing among others legislation designed to back the development of ICT and digital services and providing public services that are adapted to a digital economy.

These principles are:

1. Digital by default: As far as possible and relevant, administrative procedures must be accessible online, reliable, safe, efficient and quick. The aim of making online procedures as attractive as possible is that citizens and businesses will, over time, opt for them by default. This has three consequences:

• any new law that will result in an administrative procedure has to take into account and integrate its electronic implementation from the conceptualisation stage on;
• while the use of electronic procedures is not imposed on citizens but sometimes mandatory for businesses, it should at least be encouraged and become the default option;
• the digitalisation of a procedure must be accompanied as far as possible by an administrative simplification.

2. OOP: The Law of June 25, 2013 concerning the digital identification of physical persons forms the main basis for the OOP by prescribing that authentic data already contained in the National Register of Natural Persons have to be reused by public administrations, that these administrations are not allowed to ask once more for these data and that citizens do not need to provide evidence that the data in the register is correct.
   Nevertheless the OOP is also applied for other registers or databases not covered by the Law of June 25, 2013 but containing other authentic data: Cadastre, Cars register, Driving licence, VAT balance sheet, …
3. Transparency: the authorities' responsibility towards civil society has the following consequences for citizens and businesses:

• they can consult the data about them that administrations hold and manage, and check at any moment which administration has accessed their data and when;
• they can track the processing of a procedure;
• they can reuse public sector data, which is promoted through the establishment of a national open data portal.

4. Data protection: all e-government services are developed in close collaboration with the National Commission for Data Protection in order to offer the necessary safeguards to reconcile administrative simplification, ease of use for citizens and the protection of personal data.
5. Centralisation of e-Services through a single central portal (Guichet.lu, which contains myGuichet.lu, the part of the single portal in charge of interactive administrative procedures)

Implementation of the initiative

The implementation of the Guichet.lu and myGuichet.lu platforms started in 2008. Initially, myGuichet was only a repository for PDF forms that could be completed and uploaded by citizens and businesses, but truly interactive administrative processes started being put in place by 2013. At that point, it became obvious that an important revamp was necessary in order to ensure the compliance to all the principles and laws outlined above.

Digital by Default: The solution’s SOA architecture is designed to enable the easy implementation of new procedures in a fully extendable environment. This allowed for a large number of procedures, that were formerly only available on paper, to be replaced by their electronic equivalent, and any time a new procedure is needed it can be directly developed as an electronic service if appropriate. Furthermore, information campaigns to raise public awareness of the convenience of electronic procedures are ongoing.

Once Only Principle: the OOP is implemented in three distinct ways. Given that data related to citizens or businesses is stored in central registers or databases (e.g. National Register of Natural Persons, VAT balance sheet…) that are deemed authoritative sources, and the data contained therein can often be shared across public administrations:

1. Either the data is reused automatically in the context of procedures at back office level without any explicit intervention of the user.
2. Or, in those cases where the citizens’ / businesses’ explicit consent is necessary in order for the administration to retrieve the necessary data from the central registers/databases, the administration asks for that consent but can then retrieve, if the consent was given, the data by itself without further intervention by the citizen / business. (Example: an administration needs a copy of a citizen’s criminal record. It will not ask the citizen to provide the document itself, but only request their consent to retrieve the information).
3. Or the citizen /business decides to reuse, in the context of a particular online service, information that he inserted himself in his personal space and that therefore is not information coming from an authentic source, i.e. from a central authoritative register or database.

Transparency: at any moment, a citizen or a business can verify the status of a procedure that was sent to an administration and can verify what registered data was consulted by whom in order to process a procedure. Moreover, citizens’ or businesses data stored in public registers can be consulted and amended (in case of errors) at any moment by the users themselves through their online access to the system.

Personal Data protection: The platform for online procedures has been developed in compliance with the highest security standards. Communication channels are fully encrypted and access to the platform is granted to the user through a strong authentication mechanism. Moreover, as many procedures ask the user to electronically sign them before transmission to the relevant administration.

The authentication and signature mechanism relies on the use of an eID product (National ID Card, Smartcard, Signing Stick, Token, etc.) using a LuxTrust certificate or any other eIDAS compliant certificate (as of September 2018).

The Centralization of e-Services is implemented through the Guichet.lu portal: Guichet.lu is Luxembourg’s administrative single point of contact that can be used as the central entry point for all administrative procedures that are available online. It is available in 3 different languages and procedures are sorted by target audience (Citizens or Businesses). For each procedure, Guichet.lu provides relevant information on the procedure itself, information on who it is intended for, what conditions, prerequisites and costs are attached to it, the contact information of the administration that has defined the procedure, and, if applicable, a direct link to the electronic procedure itself managed on the MyGuichet.lu platform which is the part of guichet.lu that allows the online fulfilment of administrative procedures, their validation and transmission to the relevant administration. Myguichet.lu allows users to create a secure personal space in which they can initiate, access and track their administrative procedures, communicate directly with administrations, but also access, verify and amend personal data and store supporting documents for their procedures. It is a main building block and backbone for the implementation of the OOP for administrative procedures.

MyGuichet.lu - Technology solution overview

A combination of both front- and back-office approaches for the technical implementation:

Front office

Back-office

• Administrations can either use the back-office component of MyGuichet.lu (manual processing of received procedures) or integrate a dedicated back-office to automatically process the procedures. When a dedicated back-office is used it is also possible to integrate authentic sources within this back-office to retrieve and/or verify authentic data.

Through these solutions, Luxembourg was one of the first countries in Europe that made the OOP a cornerstone of both its eGovernment policy and of its new interoperability framework, which will be published in 2018 and which will be closely aligned with the new European Interoperability Framework (EIF).

Governance

The project has been developed in collaboration with the relevant ministries and agencies and designed within the legal framework outlined above.  Project coordination and supervision is handled by the government IT centre (CTIE), which has the mission of implementing eGovernment projects in all government agencies and ministries in Luxembourg. The CTIE reports to the Ministry of the Civil Service and Administrative Reform, which bears the political responsibility for the modernisation and simplification of administrative procedures.

The CTIE retains a certain independence to shape and accompany the digital transition of the administration, including the adoption of the OOP. The CTIE provides professional support and operational suggestions to public sector organisations that want to implement the principle in one or several of the public services for which they are responsible. It cannot, however, oblige anyone to implement digitalisation and modernisation measures if they don’t correspond to the administration’s whish or political remit.

The CTIE prioritises projects based on their impact on citizens and businesses, their possible generalisation throughout all government departments, and their feasibility. Once a project has been formally decided, it is developed in collaboration with the relevant administrative department using an in-house project management methodology that was tailored to the specific needs of the public sector, and in accordance with the political priorities defined by Digital Luxembourg.

 

Guichet.lu and MyGuichet.lu at a glance

 

Current number of services available on myGuichet

Legend:

• On-line procedures: Either:
• authenticated procedures which need a strong authentication from the user before he can use them, or:
• unauthenticated procedure: in some circumstances, it not possible or not useful to authenticate the user (foreigners who do not have access to LuxTrust products, non-Luxemburg citizens,…) for a procedure fulfilment. Certain procedures have therefore been designed to not requesting user authentication
• eTracking: a service that allows a user to request a follow-up of his procedure
• Authentic sources: data sources such as RNP that are accessible through myGuichet.

 

Evolution of the number of enrolled users

 

Evolution of the number of transmissions (Citizens and Businesses)

Evolution of accesses to authentic sources

Main results, benefits and impacts

An efficient electronic administration allows citizens and businesses to carry out their administrative procedures remotely, in a completely dematerialised way with, if necessary, the possibility to track their progress, and the possibility to view any data the government holds on them. This results in savings of time and money, in a higher level of trust and more transparency, which contributes directly to the attractiveness of the country.

The more and more systematic use of OOP brings considerable efficiency gains for citizens, businesses and public sector organisations, allowing them to simplify and optimize their processes and facilitate communication with citizens. The automatic processes through which data can be reused by different administrations have demonstrated that they allow for a considerable reduction in telephone calls to case managers, as well as contributing to a more efficient management, better file checks and faster decision-making, resulting in savings of time and resources. In addition, strengthening the implementation of centralised and shared solutions for citizens and businesses can rationalise development costs and thus achieve economies of scale.

Lessons learnt

The figures provided above are telling: as more and more procedures have been made available online over time, an increasing number of citizens or businesses are using them. This confirms that the government’s eGovernment policies and solutions are in line with both user expectations (ease and convenience, security, transparency…) as well as administrations’ expectations (cost and time savings through automated processing, gains in efficiency and user satisfaction, improvement of the public sector’s image… ).

As concerns authentic data stored in public registers or databases, the possibility for users to visualise and amend them (in case of errors) in a secure environment has led to a tangible improvement of the data quality and an increase in the public’s trust in authentic sources and the accountability of the government.