
Underlying Principle 8: Security and privacy

Citizens and businesses must be confident that when they interact with public authorities they are doing so in a secure and trustworthy environment and in full compliance with relevant regulations, e.g. the Regulation and Directive on data protection, and the Regulation on electronic identification and trust services. Public administrations must guarantee the citizens’ privacy, and the confidentiality, authenticity, integrity and non-repudiation of information provided by citizens and businesses.

 

 Covered by: 

Recommendation 15

Define a common security and privacy framework and establish processes for public services to ensure secure and trustworthy data exchange between public administrations and in interactions with citizens and businesses.

Supporting Solutions

 

Legal initiative Description Recommendation

Short title: General Data Protection Regulation (GDPR)

Title: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Status:

In force

The General Data Protection Regulation (GDPR) allows European Union (EU) citizens to better control their personal data. It also modernises and unifies rules allowing businesses to reduce red tape and to benefit from greater consumer trust.
The GDPR is part of the EU data protection reform package, along with the data protection directive for police and criminal justice authorities.
Recommendation 15

Short title: Data Governance Act

Title: Proposal for a Regulation of the European Parliament and of the Council on European data governance, COM(2020) 767 final

Status:

Legislative Proposal

This Proposal aims at creating a legislative framework for the governance of common European data spaces. It proposes measures:
- to unlock more publicly held data for research serving the common good;
- to support voluntary data sharing by citizens (‘data altruism’); and
- to set up an EU-level governance structure to prioritise standardisation needs and improve data interoperability.
Recommendation 15

Short title: eProcurement Directive

Title: Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC 

Status:

In force and transposed

The legislation specifies that when national authorities use public procurement to invite tenders to provide works, supplies or services, they must treat all applicants equally and not discriminate between them. They must also be transparent in their dealings.
Recommendation 15

Short title: eIDAS Regulation

Title: Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC 

Status:

In force and transposed

The Electronic Identification and Trust Services (eIDAS) Regulation creates a new system for secure electronic interactions across the EU between businesses, citizens and public authorities.
It aims to improve trust in EU-wide electronic transactions and to increase the effectiveness of public and private online services and e-commerce. It applies to:
- electronic identification (eID) schemes notified to the European Commission by EU countries; and
- trust service providers based in the EU.
It removes existing barriers to the use of eID in the EU. For instance, it would now be straightforward for a Portuguese firm to tender for a public service contract in Sweden, while EU funding grants can be managed wholly online.

A revision of the eIDAS Regulation has been proposed, see: Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, URL: https://op.europa.eu/en/publication-detail/-/publication/5d88943a-c458-…
Recommendation 15

Short title and title: Commission Implementing Regulation (EU) 2015/1501 - eIDAS Regulation

Status:

In force and transposed

This Regulation lays down technical and operational requirements of the interoperability framework in order to ensure the interoperability of the electronic identification schemes which Member States notify to the Commission.
Recommendation 15

Short title: European Directive on patients’ rights

Title: Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare

Status:

In force and transposed

The aim of this directive is to set out the conditions under which a patient may travel to another EU country to receive safe and high-quality medical care and have the cost reimbursed by their own health insurance scheme.
It also encourages cooperation between national healthcare systems.
Recommendation 15

Short title: Regulation on Interoperability in the field of police and judicial cooperation, asylum and migration.

Title: Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816

Status:

In force

This regulation aims to improve checks at the EU’s external borders, allow for better detection of security threats and identity fraud, and help in preventing and combating illegal immigration.
Recommendation 15

Short title: Privacy and Electronic Communications Directive

Title: Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Status:

In force and transposed

This Directive sets out rules to ensure security in the processing of personal data, the notification of personal data breaches, and confidentiality of communications. It also bans unsolicited communications where the user has not given their consent.
Recommendation 15

Short title: NIS Directive

Title: Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union 

Status:

In force and transposed

This Directive proposes a wide-ranging set of measures to boost the level of security of network and information systems (cybersecurity) to secure services vital to the EU economy and society. It aims to ensure that EU countries are well-prepared and are ready to handle and respond to cyberattacks through:
- the designation of competent authorities,
- the set-up of computer-security incident response teams (CSIRTs), and
- the adoption of national cybersecurity strategies.
It also establishes EU-level cooperation both at strategic and technical level.
Lastly, it introduces the obligation on essential-services providers and digital service providers to take the appropriate security measures and to notify the relevant national authorities about serious incidents.
Recommendation 15

Short title: eInvoicing Directive

Title: Directive 2014/55/EU of the European Parliament and of the Council of 16 April 2014 on electronic invoicing in public procurement 

Status:

In force and transposed

E-invoicing by a business in one EU country for work done for or goods delivered to a public authority in another has been hampered by problems of a lack of interoperability, i.e. incompatible e-invoicing systems in different countries.
The law applies to invoices falling within the scope of the public procurement directives (i.e. most contracts) but does not apply to contracts falling within the scope of Directive 2009/81/EC in the fields of defence and security, where the procurement and performance of the contract are declared to be secret or must be accompanied by special security measures.
Recommendation 15

Short title: Law Enforcement Directive

Title: Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA 

Status:

In force and transposed

This Directive aims to better protect individuals’ personal data when their data is being processed by police and criminal justice authorities. It also aims to improve cooperation in the fight against terrorism and cross-border crime in the EU by enabling police and criminal justice authorities in EU countries to exchange information necessary for investigations more efficiently and effectively. The Data Protection Directive for Police and Criminal Justice Authorities is part of the EU data protection reform package along with the General Data Protection Regulation (Regulation (EU) 2016/679).
Recommendation 15

Short title: Regulation on Interoperability in the field of justice, freedom and security

Title: Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA
It aims to improve checks at the EU’s external borders, allow for better detection of security threats and identity fraud, and help in preventing and combating illegal immigration.
Recommendation 15

 Solution Description Associated Recommendation

CEF Big Data Test Infrastructure

Big data test infrastructure (BDTI) helps public administrations improve the experience of the citizen, make government more efficient and boost business and the wider economy through big data. Big data is high-volume, high-velocity and high-variety information that requires new forms of processing to enable enhanced decision-making, insight discovery and process optimisation.
Recommendation 15

CIRCABC

CIRCABC (Communication and Information Resource Centre for Administrations, Businesses and Citizens) is an open-source, web-based application which enables geographically spread collaborative groups to share information and resources in private workspaces.
Recommendation 15

Data models

The use of CISE specifications and data models helps to ensure that public administrations are taking into account relevant EU recommendations on standards and specifications in the maritime domain and are seeking to make the approach consistent across borders.
Recommendation 15

eDelivery 

The eDelivery Building Block helps public administrations to exchange data and documents via AS4 Access Points, based on the AS4 messaging protocol. This allows different parties to exchange electronic data and documents across sectors and borders through a secure eDelivery message exchange network. By connecting to an AS4 Access Point, a public administration can exchange electronic data and documents with any organisation connected to another Access Point in the network. The eDelivery Building Block also helps upgrade existing solutions so they can connect to eDelivery messaging networks through an Access Point.
Recommendation 15

eIDc

The eID Building Block allows public administrations and private service providers to easily extend the use of their online services to citizens from other Member States, in line with the eIDAS Regulation.
Recommendation 15

EIRA 

The European Interoperability Reference Architecture (EIRA©) is an architecture content metamodel defining the most salient architectural building blocks (ABBs) needed to build interoperable e-Government systems. The EIRA© provides a common terminology that can be used by people working for public administrations in various architecture and system development tasks. The EIRA© was created and is being maintained in the context of Action 2016.32 of the ISA² Programme. The EIRA uses (and extends) the ArchiMate language as a modelling notation and uses service orientation as an architectural style.
Recommendation 15

eSignature

The CEF eSignature Building Block allows public administrations, businesses, and citizens to electronically sign any document, anywhere in Europe, at any time, in line with the eIDAS Regulation for e-signatures, e-seals and related services offered by Trust Service Providers.
Recommendation 15

eTrustEx open source software package

A cross-sector, open source tool that will help you to exchange structured and unstructured documents and to connect to pan-European e-delivery infrastructures with reduced investment.
Recommendation 15

European Union Location Framework Blueprint

The European Union Location Framework (EULF) Blueprint is a framework of recommendations and related guidance for publishing and using location information and applying interoperability principles in digital government. The EULF Blueprint was initially developed through the EULF project in the ISA programme. The content has been updated extensively through the European Location Interoperability Solutions for e-Government (ELISE) project, which is part of the ISA2 programme.
Recommendation 15

Service model

The CISE Network is a complex open computer network interfacing several EU countries, specifically in the maritime data context. This network connects CISE nodes and legacy systems through a special component called "The CISE Adaptor".

This document is a guideline to the CISE Service Model and to the software development of the CISE Adaptors. The intention is to provide complete, precise and quick-start documentation to be used fundamentally as a reference guide by the CISE software developer community of the EU Member States. Specifically, the objective is to make the development, testing, implementation and validation of CISE Adaptors easier.

Recommendation 15

 

 

IMAPS solution v1.2

IMAPS is a user-friendly online questionnaire, designed as a self-assessment tool to assist public service owners to evaluate key interoperability aspects of their digital public service.

Not only can IMAPS be used to assess the interoperability of any public service – from open data portals, and e-voting platforms, to public procurement services, and much more – it is applicable to services at all levels of government (international, national, regional and local).

Recommendation 15

LIMAPS v1.0.0

This is the Beta version of the Legal Interoperability Maturity Assessment of a Public Service (LIMAPS) survey.

This Beta version of the LIMAPS Survey was released on 21 April 2020 on Joinup.

It is a user-friendly online questionnaire, designed as a self-assessment tool to assist public service owners to evaluate key legal interoperability aspects of their digital public service.

The current Beta version of LIMAPS (LIMAPS v1.0.0 Beta) is available at the EU survey portal: https://ec.europa.eu/eusurvey/runner/limaps-beta.

Recommendation 15

PM² is a Project Management Methodology developed and supported by the European Commission. Its purpose is to enable project teams to manage their projects effectively and deliver solutions and benefits to their organisations and stakeholders. PM² is a light and easy to implement methodology suitable for any type of project. PM² has been custom developed to fit the specific needs, culture and constraints of EU Institutions, but also incorporates elements from globally accepted best practices, standards and methodologies.
Recommendation 15