The government of Romania should shore up its eID data protection rules, says the Association for Technology and Internet (Asociația pentru Tehnologie și Internet, APTI), following its analysis of the latest government proposals. “The documents raise more questions than answers”, the NGO writes.
APTI wants the government to clarify who has access to personal data, and why information on eID card use is collected. The NGO says the government has failed to do an impact assessment on the collection of eID user data.
The group also worries the eID card might not be limited to government related operations. “We would not be surprised if the eID card will become mandatory for online purchases”, APTI writes on 21 March. The group points out that for offline purchases, identification and authentication is not required.
In addition, the group criticised a government proposal to overhaul the healthcare smart card. “Given that 40% of the population does not use the Internet, this could be a waste of money”, APTI writes.
On 28 March, the group published a list of 42 questions, dealing with privacy concerns, security, and costs and benefits.
The government plans to issue new eID cards by mid 2018. Increased security to fight identity theft is one the key reasons for the overhaul of eID cards, the Ministry of the Interior said, the Cetăţeanul news site reports.
More information:
APTI statement (in Romanian)
APTI statement (in Romanian)
Cetateanul news item (in Romanian)