Data Sovereignty and Trusted Online Identity – COVID-19 Vaccination Data – WS 03 2021: Difference between revisions

From EuroDIG Wiki
Jump to navigation Jump to search
Line 10: Line 10:
'''Data Sovereignty and Trusted Online Identity: COVID-19 Vaccination Data'''
'''Data Sovereignty and Trusted Online Identity: COVID-19 Vaccination Data'''


Online identities are the key for many digital services. Identification is essential to everything from identifying with health or government services, to traveling, to participating in social media. But who should control those IDs? and how can we minimize the personal data exchanged to a minimum that is needed for the services?  
Online identities are the key for many digital services. Identification is essential to everything from identifying with health or government services, to traveling, to participating in social media. But who should control those IDs and how can we minimize the personal data exchanged to a minimum that is needed for the services?  


Using the concrete example of COVID-19 vaccination data, we will discuss three possible scenarios regarding what to do (if anything) about knowing who has, or has not, been vaccinated:
Using the concrete example of COVID-19 vaccination data, we will discuss possible approaches regarding who should be in control of the data--private companies, government, or citizens--in different scenarios.
 
'''Scenario 1:''' Private companies lead the effort.
 
'''Scenario 2:''' Government leads the way with a centralized public key infrastructure (e.g., EU-eIDAS).
 
'''Scenario 3:''' Hand some control to citizens (e.g., European Self Sovereign Identity Framework [ESSIF]).
 
Discussants from each of the stakeholder groups will kick off the conversation, which will hopefully help everyone gain a fuller understanding of the possibilities and limitations of various ways forward.


== Session description ==  
== Session description ==  

Revision as of 16:32, 14 May 2021

29 June 2021 | 12:15-13:15 CEST | Studio C
Consolidated programme 2021 overview / Day 1

To follow the current discussion on this topic, see the discussion tab on the upper left side of this page


Final title of the session: Please send the final title as early as possible, latest until to wiki@eurodig.org. Do not edit the title of the page at the wiki on your own. The link to your session may otherwise disappear.

Working title: Data Sovereignty and Trusted Online Identity
Proposals: #10 #21 #92

You are invited to become a member of the session Org Team! By joining an Org Team, you agree to your name and affiliation being published on the respective wiki page of the session for transparency. Please subscribe to the mailing list to join the Org Team and answer the email that will be sent to you requesting your subscription confirmation.

Session teaser

Data Sovereignty and Trusted Online Identity: COVID-19 Vaccination Data

Online identities are the key for many digital services. Identification is essential to everything from identifying with health or government services, to traveling, to participating in social media. But who should control those IDs and how can we minimize the personal data exchanged to a minimum that is needed for the services?

Using the concrete example of COVID-19 vaccination data, we will discuss possible approaches regarding who should be in control of the data--private companies, government, or citizens--in different scenarios.

Session description

Until .

Online identities are the key for many digital services. From identifying with health or government services to managing a bank account or just participating in social media, from paying taxes to buying goods, end-users and consumers, identification is essential. But who should control those IDs and how can we minimize the personal data exchanged to a minimum that is needed for the services? The recent discussions about vaccination passports have highlighted that this discussion is at the center of the current debate. There are 3 approaches that we would like to discuss here:

Scenario 1: Private companies lead the effort. Private tech companies provide us with secure electronic identification including two factor security and biometric verification. However, this raises many privacy and data-sovereignty concerns. For example, the Swiss people recently voted against an eID-law that wanted to allow private companies to control the access to government services.

Scenario 2: Government leads the way with a centralized public key infrastructure (e.g., EU-eIDAS). EU-eIDAS regulation (as well as the Swiss ZertES law) have long ago established electronic identification based on a centralized public key infrastructure PKI that has reached very high adoption rates in some countries (e.g., Estonia) and low adoption rates in other countries (e.g., Germany).

Scenario 3: Hand some control to citizens (e.g., European Self Sovereign Identity Framework [ESSIF]). The EU-Commission has developed the European Self Sovereign Identity Framework ESSIF, that is handing some of the control back to the citizens and neither to centralized government service nor to private tech companies.

Format

Until .

The session will have three discussants who will have 4-5 minutes each to speak, followed by a discussion of the topic among discussants and attendees. Discussants represent a variety of actors (European Institutions, Academia, Companies, Users) with crossover experience in many cases, in the hopes of creating a rich discussion that takes into account the different views and circumstances of each stakeholder.

Further reading

Ethically Aligned Design Ethically Aligned Design, First Edition is a comprehensive report that combines a conceptual framework addressing universal human values, data agency, and technical dependability with a set of principles to guide A/IS creators and users through a comprehensive set of recommendations.

The following chapter on Personal Data and Individual Agency would be of particular interest.

People

Until .

Please provide name and institution for all people you list here.

Focal Point Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective Subject Matter Expert (SME) and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles

  • Kristin Little
  • Miguel Pérez Subías

Organising Team (Org Team) List Org Team members here as they sign up.

Subject Matter Experts (SMEs)

  • Polina Malaja
  • Jörn Erbguth

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

  • Kristin Little
  • Vittorio Bertola
  • Concettina Cassa
  • Constance Weise
  • Amali De Silva-Mitchell
  • Miguel Pérez Subías
  • Lucien Castex
  • Jutta Croll

Key Participants

Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance. Please provide short CV’s of the Key Participants involved in your session at the Wiki or link to another source.

Moderator

Clara Neppel - IEEE (Confirmed)

Senior Director European Operations

Dr. Clara Neppel is responsible for the growth of IEEE’s operations and presence in Europe, focusing on the needs of industry, academia, and government. She serves as a point of contact for initiatives with regard to technology, engineering, and related public policy issues that help to implement IEEE’s continued global commitment to fostering technological innovation for the benefit of humanity. She contributes to issues regarding the technology policy of several international organizations, such as the OECD, European Commission, and Parliament or the Council of Europe. Dr. Neppel holds a Ph.D. in Computer Science from the Technical University of Munich and a Master in Intellectual Property Law and Management from the University of Strasbourg.


Discussants

Cecilia Alvarez - Facebook (Confirmed)

EMEA Privacy Policy Director

Cecilia Álvarez Rigaudias is the EMEA Privacy Policy Director at Facebook since March 2019. From 2015 to 2019, she served as European Privacy Officer Lead of Pfizer, Vice-Chair of the EFPIA Data Protection Group and Chairwoman of IPPC-Europe. For an interim period, she was also the Legal Lead of the Spanish Pfizer subsidiaries. She formerly worked 18 years in a reputed Spanish law firm, leading the data protection, IT and e-commerce areas of practice as well as the LATAM Data Protection Working Group.

Cecilia was the Chairwoman of APEP (Spanish Privacy Professional Association) until June and currently in charge of its international affairs. She is also the Spanish member of CEDPO (Confederation of European Data Protection Organisations) and member of the Leadership Council of The Sedona Conference (W-6).

She is a member of the Spanish Royal Academy of Jurisprudence and Legislation in the section of the Law on Technologies of the Information and the Knowledge as well as Arbitrator of the European Association of Arbitration (ITC section).

She formed part of the Volunteer Group of Privacy Experts of the OECD (Working Party on Information Security and Privacy; WPISP) in charge of the 2013 review of the OECD guidelines governing the protection of privacy and transborder data flows of personal data. She formerly participated in the Group of Experts selected by the Spanish DPA to prepare the Madrid Resolution on International Privacy Standards in 2009.

Cecilia has written numerous publications on data protection and regularly lectures on data protection, IT and e-commerce at different Master’s programmes and seminars.


Jaana Sinapuro - SITRA (confirmed)

Project Director, IHAN

Jaana Sinipuro is a Project Director at Sitra, the Finnish Innovation Fund. Sitra is “a think, do and connect tank” that collaborates with partners from different sectors to trial and implement bold new ideas that shape the future. The basis of Sitra’s work is a vision of Finland as a pioneer of sustainable well-being.

Jaana is an experienced ICT and management professional. She believes that the successful digital services of the future will be based on trust and create value for everyone. The Fair Data Economy project aims to set up European-level rules and guidelines for the economy where services and data-based products are created in an ethical manner. Fairness in the data economy means that the rights of individuals are protected, and the needs of all stakeholders are taken into account. Prior to IHAN®, she managed an extensive Digital Health HUB project creating a new operating model for a one-stop shop (“Findata”) for collecting and distributing well-being data.

Before joining Sitra, Jaana worked as a Senior Advisor at SAS Institute, a business analytics company. She is a certified Enterprise Architect with over 20 years of experience within data, analytics and knowledge management.

Jaana is a dialogue-loving doer, dog-owner and loves horses, her garden and boating around her 130-year-old wooden house in the Finnish Archipelago

In Twitter you'll find her and her projects @jsinipuro #fairdata #isaacus #IHAN @sitrafund


Nishan Chelvachandran - Iron Lakes (confirmed)

Founder and CEO, Iron Lakes;

Chair, Trustworthy Technical Implementations of Children’s Online/Offline Experiences Industry Connections Activity, IEEE Standards Association

Nishan Chelvachandran is the Founder of Iron Lakes (Finland), a cyber impact consultancy specialising in providing expertise from the conflux of technology and humanity, with clients and partners from across the world, ranging through private business, NGO’s and Governments. He is also a Director at Future Memory Inc (Canada); a creative and speculative design consultancy that pressure tests and anticipates undesirable futures to avoid harmful, unethical or negative consequences. He is a High-Level cybersecurity adviser, strategist, published author, researcher, and former UK Police Officer, with years of experience built on the strong foundations of bespoke operational activity in the UK Public Sector. Nishan spent 6 years as one of the UK National leads for Diversity in Policing, driving equity throughout the Police in the UK.

Nishan specialised in fields such as Digital Transformation, Digital Intelligence Forensics, Cybercrime, Cyberoperations and Cyberwar, Surveillance, and Intelligence. Nishan’s research interests include Big Data keyword and behavioural analytics, jurisdictional and legislative affairs relating to cyber-operations and cyber-warfare, ethical frameworks for mass and automated data surveillance, profiling and decision-making, IoT, AI and it’s ethical and responsible use and design, and Data Use and Privacy. He is an advisor in AI Commons, and an Ambassador for the Xprize Pandemic Alliance. He is actively engaged in the Cybersecurity and Impact Tech Space. A thought leader in the Cyber sector, He is actively driving the UN’s Sustainable Development Goals agenda and initiatives involving AI for Good.


Pēteris Zilgalvis - European Commission (confirmed)

Head of Unit, Digital Innovation and Blockchain, Digital Single Market Directorate, DG CONNECT;

Co-Chairman of the European Commission Task Force on Financial Technology

Pēteris Zilgalvis, J.D. is the Head of the Startups and Innovation Unit at the Directorate General Communications Networks, Content and Technology (DG-Connect). He is also Co-Chairman of the European Commission Task Force on Financial Technology. He was the Visiting EU Fellow at St. Antony’s College, University of Oxford for 2013-14, where is a Senior Member and Associate of the Political Economy of Financial Markets Programme. From 1997 to 2005, he was Deputy Head of the Bioethics Department of the Council of Europe, in its Directorate General of Legal Affairs. In addition, he has held various positions in the Latvian civil service (Ministry of Foreign Affairs, Ministry of Environment).

Previously, he was Senior Environmental Law Advisor to the World Bank/Russian Federation Environmental Management Project and was Regional Environmental Specialist for the Baltic Countries at the World Bank. He has been a member of the California State Bar since 1991, completed his J.D. at the University of Southern California, his B.A. in Political ScienceCum Laude at UCLA, and the High Potentials Leadership Program at Harvard Business School. A recent publication of his is “The Need for an Innovation Principle in Regulatory Impact Assessment: The Case of Finance and Innovation in Europe” in Policy & Internet.


Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.

Reporter

Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Next meeting of the working group on Friday 23 April at 18:00 CEST Items we will be taking care of leading up to the meeting: -Confirm speakers -Confirm 100% online -Add information to wiki on our invited speakers as we find out who is confirmed.

Messages

A short summary of the session will be provided by the Reporter.

Video record

Will be provided here after the event.

Transcript

Will be provided here after the event.