Identity Management and Data Sharing in the European Union Benoît Otjacques, Patrik Hitzelberger, Fernand Feltz Centre de Recherche Public – Gabriel Lippmann, L-4422 Belvaux, Luxembourg {otjacque, hitzelbe, feltz}@lippmann.lu Abstract Citizens and enterprises in the European Union benefit from a common internal market and other freedoms. The resulting and growing mobility and cross-border collaboration necessity leads to specific challenges for e-Government applications. This article presents the results of a study run by Luxembourg’s Presidency of the EU during the first half of 2005. This study investigated one central aspect in this area: How do countries identify their citizens and businesses, and what are their national provisions regarding data protection and privacy that limit and regulate the sharing of such data? In more technical terms: What is the impact of identity management and related privacy issues on the interoperability of e-Government systems? The status quo in 18 member states is illustrated, and compared with the results of a similar study run in 2001. We present a general model for describing the framework of identity management in cross-border contexts. . 1. Introduction Organizational background. The European Union (EU) currently consists of 25 member states. The EU Presidency is an official EU activity where each country in the EU takes it in turns to act as President of the EU for a six-month period. The role of the Presidency is to achieve a set of political and other objectives for the development of the EU. The country presiding organizes meetings and activities of the numerous formal and semi-formal institutions and groups in the Union. The “European Public Administration Network” (EPAN) is one of these, and it comprises a working group on e-Government. During Luxembourg’s Presidency in the first half of 2005, this working group ordered a study to investigate the identification of citizen and enterprises and related data protection issues in the EU. In the identification phase, the study aimed to get an update of a study carried out by the Belgian presidency in 2001 1 – hence before the accession of ten new member states to the EU in 2004. The subject of the study. The general issue of the study was the interoperability of e-Government systems. Interoperability and cooperation can be regarded as enablers of the integration of e- Government applications [7]. A prerequisite (or, according to Scholl [10], the “ultimate goal”) of any integrated, collaborating systems and organizations is the sharing of information or data. It is self-evident that such sharing is only possible when the identification of the entities the data describes is well understood. There are numerous other aspects of interoperability and data sharing, (cf. e.g., [10]), but the study focused on the identification and related data protection issues only. Identification and identifiers. Information systems involve data about “entities”. Chen’s [1] definition of entity was: “a ‘thing’ which can be distinctly identified”. In public administration, the intrinsic entities treated are natural persons (human beings) and legal persons (in the context of the study: commercial entities). The general notion “identity” of such persons is vague, and would require philosophical and psychological discussions that go beyond the scope of this article. The term “identification” can be defined in a more pragmatic way. We adopt Clarke’s definition for human beings (which can be adopted for legal persons as well): “human identification is the association of data with a particular human being”. [2]. In order to do this association, one can use numerous means, such as appearance, name, behavior, codes and so on. In any case, we define this means of identification as identifier. For administrative purposes, the requirements regarding identifiers in terms of manageability, technical features and other parameters are a lot different from those in daily life. In our context, we limit the scope of identifiers to specific data sets bound to persons. Figure 1 illustrates that these data sets represent a 1 This study is currently not publicly available Proceedings of the 39th Hawaii International Conference on System Sciences - 2006 1 0-7695-2507-5/06/$20.00 (C) 2006 IEEE