Data Sovereignty and Trusted Online Identity – COVID-19 Vaccination Data – WS 03 2021

From EuroDIG Wiki
Jump to navigation Jump to search

29 June 2021 | 12:15-13:15 CEST | Studio C
Consolidated programme 2021 overview / Day 1

To follow the current discussion on this topic, see the discussion tab on the upper left side of this page


Final title of the session: Please send the final title as early as possible, latest until to wiki@eurodig.org. Do not edit the title of the page at the wiki on your own. The link to your session may otherwise disappear.

Working title: Data Sovereignty and Trusted Online Identity
Proposals: #10 #21 #92

You are invited to become a member of the session Org Team! By joining an Org Team, you agree to your name and affiliation being published on the respective wiki page of the session for transparency. Please subscribe to the mailing list to join the Org Team and answer the email that will be sent to you requesting your subscription confirmation.

Session teaser

Data Sovereignty and Trusted Online Identity

Online identities are the key for many digital services. Identification is essential to everything from identifying with health or government services, to traveling, to participating in social media. But who should control those IDs and how can we minimize the personal data exchanged to a minimum that is needed for the services?

Using the concrete example of COVID-19 vaccination data, we will discuss three possible scenarios regarding what to do (if anything) about know who, has or has not, been vaccinated:

Scenario 1: Private companies lead the effort.

Scenario 2: Government leads the way with a centralized public key infrastructure (e.g., EU-eIDAS).

Scenario 3: Hand some control to citizens (e.g., European Self Sovereign Identity Framework [ESSIF]).

Discussants from each of the stakeholder groups will kick off the conversation, which will hopefully help everyone gain a fuller understanding of the possibilities and limitations of various ways forward.

Session description

Until .

Online identities are the key for many digital services. From identifying with health or government services to managing a bank account or just participating in social media, from paying taxes to buying goods, end-users and consumers, identification is essential. But who should control those IDs and how can we minimize the personal data exchanged to a minimum that is needed for the services? The recent discussions about vaccination passports have highlighted that this discussion is at the center of the current debate. There are 3 approaches that we would like to discuss here:

Scenario 1: Private companies lead the effort. Private tech companies provide us with secure electronic identification including two factor security and biometric verification. However, this raises many privacy and data-sovereignty concerns. For example, the Swiss people recently voted against an eID-law that wanted to allow private companies to control the access to government services.

Scenario 2: Government leads the way with a centralized public key infrastructure (e.g., EU-eIDAS). EU-eIDAS regulation (as well as the Swiss ZertES law) have long ago established electronic identification based on a centralized public key infrastructure PKI that has reached very high adoption rates in some countries (e.g., Estonia) and low adoption rates in other countries (e.g., Germany).

Scenario 3: Hand some control to citizens (e.g., European Self Sovereign Identity Framework [ESSIF]). The EU-Commission has developed the European Self Sovereign Identity Framework ESSIF, that is handing some of the control back to the citizens and neither to centralized government service nor to private tech companies.

Format

Until .

The session will have three discussants who will have 4-5 minutes each to speak, followed by a discussion of the topic among discussants and attendees. Discussants represent a variety of actors (European Institutions, Academia, Companies, Users) with crossover experience in many cases, in the hopes of creating a rich discussion that takes into account the different views and circumstances of each stakeholder.

Further reading

Ethically Aligned Design Ethically Aligned Design, First Edition is a comprehensive report that combines a conceptual framework addressing universal human values, data agency, and technical dependability with a set of principles to guide A/IS creators and users through a comprehensive set of recommendations.

The following chapter on Personal Data and Individual Agency would be of particular interest.

People

Until .

Please provide name and institution for all people you list here.

Focal Point Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective Subject Matter Expert (SME) and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles

  • Kristin Little
  • Miguel Pérez Subías

Organising Team (Org Team) List Org Team members here as they sign up.

Subject Matter Experts (SMEs)

  • Polina Malaja
  • Jörn Erbguth

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

  • Kristin Little
  • Vittorio Bertola
  • Concettina Cassa
  • Constance Weise
  • Amali De Silva-Mitchell
  • Miguel Pérez Subías
  • Lucien Castex
  • Jutta Croll

Key Participants

Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance. Please provide short CV’s of the Key Participants involved in your session at the Wiki or link to another source.

Moderator

Clara Neppel - IEEE (Confirmed) Senior Director European Operations

Dr. Clara Neppel is responsible for the growth of IEEE’s operations and presence in Europe, focusing on the needs of industry, academia, and government. She serves as a point of contact for initiatives with regard to technology, engineering, and related public policy issues that help to implement IEEE’s continued global commitment to fostering technological innovation for the benefit of humanity. She contributes to issues regarding the technology policy of several international organizations, such as the OECD, European Commission, and Parliament or the Council of Europe. Dr. Neppel holds a Ph.D. in Computer Science from the Technical University of Munich and a Master in Intellectual Property Law and Management from the University of Strasbourg.

Discussants

Cecilia Alvarez - Facebook (Confirmed) Facebook´s EMEA Privacy Policy Director

Cecilia served as Pfizer's European Privacy Officer Lead from 2015 to 2019. She was also Pfizer Spain Legal Lead for an interim period. She formerly worked 18 years in the Spanish law firm Uría Menéndez, leading the data protection, IT and ecommerce areas of practice as well as the LATAM Data Protection Working Group.

Cecilia is the Chairwoman of APEP (Spanish Privacy Professional Association), the Spanish member of CEDPO (Confederation of European Data Protection Organisations) and a member of the Leadership Counsel of The Sedona Conference (W-6).

Jaana Sinapuro - SITRA (confirmed) Project Director, IHAN

Jaana Sinipuro is a Project Director at Sitra, the Finnish Innovation Fund. Sitra is “a think, do and connect tank” that collaborates with partners from different sectors to trial and implement bold new ideas that shape the future. The basis of Sitra’s work is a vision of Finland as a pioneer of sustainable well-being.

Jaana is an experienced ICT and management professional. She believes that the successful digital services of the future will be based on trust and create value for everyone. The Fair Data Economy project aims to set up European-level rules and guidelines for the economy where services and data-based products are created in an ethical manner. Fairness in the data economy means that the rights of individuals are protected, and the needs of all stakeholders are taken into account. Prior to IHAN®, she managed an extensive Digital Health HUB project creating a new operating model for a one-stop shop (“Findata”) for collecting and distributing well-being data.

Before joining Sitra, Jaana worked as a Senior Advisor at SAS Institute, a business analytics company. She is a certified Enterprise Architect with over 20 years of experience within data, analytics and knowledge management.

Jaana is a dialogue-loving doer, dog-owner and loves horses, her garden and boating around her 130-year-old wooden house in the Finnish Archipelago

In Twitter you'll find her and her projects @jsinipuro #fairdata #isaacus #IHAN @sitrafund

Nishan Chelvachandran - Iron Lakes (confirmed) Founder and CEO Chair, Trustworthy Technical Implementations of Children’s Online/Offline Experiences Industry Connections Activity, IEEE Standards Association

Nishan Chelvachandran is the Founder of Iron Lakes (Finland), a cyber impact consultancy specialising in providing expertise from the conflux of technology and humanity, with clients and partners from across the world, ranging through private business, NGO’s and Governments. He is also a Director at Future Memory Inc (Canada); a creative and speculative design consultancy that pressure tests and anticipates undesirable futures to avoid harmful, unethical or negative consequences. He is a High-Level cybersecurity adviser, strategist, published author, researcher, and former UK Police Officer, with years of experience built on the strong foundations of bespoke operational activity in the UK Public Sector. Nishan spent 6 years as one of the UK National leads for Diversity in Policing, driving equity throughout the Police in the UK.

Nishan specialised in fields such as Digital Transformation, Digital Intelligence Forensics, Cybercrime, Cyberoperations and Cyberwar, Surveillance, and Intelligence. Nishan’s research interests include Big Data keyword and behavioural analytics, jurisdictional and legislative affairs relating to cyber-operations and cyber-warfare, ethical frameworks for mass and automated data surveillance, profiling and decision-making, IoT, AI and it’s ethical and responsible use and design, and Data Use and Privacy. He is an advisor in AI Commons, and an Ambassador for the Xprize Pandemic Alliance. He is actively engaged in the Cybersecurity and Impact Tech Space. A thought leader in the Cyber sector, He is actively driving the UN’s Sustainable Development Goals agenda and initiatives involving AI for Good.


Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.

Reporter

Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Next meeting of the working group on Friday 23 April at 18:00 CEST Items we will be taking care of leading up to the meeting: -Confirm speakers -Confirm 100% online -Add information to wiki on our invited speakers as we find out who is confirmed.

Messages

A short summary of the session will be provided by the Reporter.

Video record

Will be provided here after the event.

Transcript

Will be provided here after the event.