On May 31 of 2021 ACA-Europe conducted the colloquium on ReNEUAL II. It was the last event of the German presidency of 2018 - 2021. The colloquium had been planned to take place in May 2020 but was postponed by one year due to the Covid-19-pandamic. The hopes which had accompanied the postponement in 2020, namely the one of holding the colloquium in presence, were disappointed. Yet, after a year of pandemic digital skills all over Europe were well enough developed to conduct the colloquium online. After the documentation seminar in April 2021 it was the second ACA-Europe remote event of this kind in the history of the association.
The digital conduct of the colloquium is bridging the gap to its contents. Like in the first seminar of the German presidency of ACA-Europe the last event - the colloquium - was afilliated with the ReNEUAL project. In the ReNEUAL project (Research Network on EU Administrative Law) legal scholars and practitioners elaborated model rules for an EU Administrative Law de lege ferenda using the methods of comparative law with a view to finding not the average solution, but the supposedly best or most appropriate solution.
The seminar ReNEUAL I and the colloquium ReNEUAL II were not designed to modify these model rules. They strived for applying the same methods the ReNEUAL project has used to the national laws of administrative procedure. The answers gathered form an immense pool of legal traditions and ideas which are worth a closer look. This look will allow all participants in the seminar and all consumers of its results to learn from one another.
The colloquium ReNEUAL II focussed on Book VI of the ReNEAUL-draft treating the Administrative Information Management. It was thus also linked to the ACA-Europe The Hague colloquium of 2018 in which the need to concentrate more on technical developments was formulated. 26 members had treated a demanding questionnaire and turned in their answers based on their national legislation or administrative practice. An overview and summary of the compound of answers can be found in the General Report to the colloquium. During the colloquium two panels were conducted. Panel I focussed on Specific Working Environments which allow for the transfer or the sharing of data. Panel II treated Specific Safeguards with an aim to protecting the citizens rights with regard to data protection.In the first panel the Estonian representative explained the concepts of X-tee and X-Road. They use a unified layer to exchange data between the databases. This was established by a regulation of the Government of the Republic of Estonia. In order to become a member of X-tee and enjoy the possibility of data exchange, a database has to be registered in the previously mentioned administration system of the state information system. There, the members of X-tee describe the data they share and other members can use that data based on an agreement. To guarantee the security of the data exchange, X-tee employs authentication, multi-level authorisation, a high-level system for processing logs, and data traffic that is encrypted and signed. In addition, the X-Road software solution based on X-tee is implemented in Finland, Kyrgyzstan, Faroe Islands, Iceland, Japan and other countries. Two X-Road systems can also be joined together to enable cross-border data exchange, as it has been done between Estonia and Finland since 2018.
The French representative introduced the audience to the FranceConnect platform. This platform offers to its users a safe way to produce a unique identity which can be used vis-à-vis different public or private entities without having to prove the identity with regard to everyone of these participants. Thus, this system facilitates easy access to a large group of public and private partners in a secured environment.
In the second panel the Dutch representative presented the Dutch model of a so-called Single Contact Point. This was promoted by a decision of the Dutch Court of Auditors and supported by the Dutch parliament. At the core of this concept is the establishment of an authoritative central reporting point where citizens are able to report and resolve problems with the basic registrations. This provision should also be able to actively accompany and support the rectification of incorrect data. The motion was unanimously accepted by Parliament and will thus lead to a single provision where citizens can report problems with basic registrations and correct errors.
In the final motion the Irish representative reported on the so-called Personal Data Access Portal which allows citizens to view personal data relating to him or held by a public body, together with the information relating to that personal data referred to in Article 15 of the GDPR. Also, this concept allows a citizen to view information in relation to the personal data breaches, if any, which affect his or her personal data, and in respect of which a notification has been made for the purposes of Article 34(1) of the GDPR, to view a copy of a data-sharing agreement under which his or her personal data has been disclosed between public bodies, and, finally, to send a request to a public body in relation to the exercise by him or her of the rights provided for in Articles 15, 16, 17, 18, 19, 20 and 21 of the GDPR.
The colloquium displayed that in many EU member states concepts about data sharing as well as safeguards to protect the cititzens’ data protection rights have been developed to a degree which had not been expected. It must be welcomed to see that many of these concepts have the purpose of feasibility, so that especially the safeguard do not only exist on paper, but are manageable for the respective citizen. Yet, it is also clear that the path to walk in the digitalisation of public administration is a long one and that ACA-Europe will be well advised to return to this topic in the future.