About regulating electronic identifications of public administrations

Author: TIC Salut Social / 17 of December of 2019

17 of December of 2019

On November 5, 2019, the Royal Decree-Law 14/2019, of October 31st, has been published in the BOE, where urgent measures are taken for reasons of public safety in the field of digital administration, procurement of the public sector and telecommunications. This ‘Royal Decree-Law’ aims to establish on the part of the State urgent measures concerning national identity documents; to the electronic identification before the public administrations; to the data that is open to the public administrations; to public procurement and to the telecommunications sector.

MODIFICATION OF LAW 39/2015, OF OCTOBER 1st, OF THE COMMON ADMINISTRATIVE PROCEDURE OF PUBLIC ADMINISTRATIONS.

In relation to electronic signatures, it is established that the interested parties may identify themselves with the Public Administrations with concerted key systems and any other system, which the Administrations consider valid in the terms and conditions established, provided that they have a previous registration as a user that allows guaranteeing his identity, with previous authorization by the General Secretariat of Digital Administration of the Ministry of Territorial Policy and Public Function.

Likewise, it establishes the obligation that the technical resources necessary for the collection, storage, processing and management of these systems are located in the territory of the European Union, and in the case of special categories of data in what is referred to in article 9th of the General Regulation on data protection, in Spanish territory.

MODIFICATION OF LAW 40/2015, OF OCTOBER 1st, OF LEGAL REGIME OF THE PUBLIC SECTOR

It is established that the information and communication systems for the collection, storage, processing and management of the electoral roll, the municipal censuses of inhabitants and other population registers, tax data related to own taxes or ceded and data of users of the national health system, as well as the corresponding personal data treatments, must be located and provided within the territory of the European Union. Also, except in cases provided by law, it is established that when the Public Administration of data transfer intends the subsequent processing of the same for a purpose that it considers compatible with the initial purpose, it must previously notify the public Administration assigning it. so that it can check this compatibility. The transferring public Administration may, within a period of ten days, objectively object. As long as the assigning Public Administration does not communicate its decision to the assignee, the assignee may not use the data for the new purpose.

MODIFICATION OF LAW 9/2017, OF NOVEMBER 8th, OF CONTRACTS OF THE PUBLIC SECTOR

It is established that in those contracts whose execution requires the transfer of data by public sector entities to the contractor, the contracting body must in any case specify in the contract file what the purpose of the Treatment of the data that must be ceded

In this sense, the pleadings must explicitly mention the obligation of the future contractor to comply with current data protection regulations.
Notwithstanding the provisions of Article 28.2 of the General Data Protection Regulation, in those contracts whose execution requires the processing by the personal data contractor on behalf of the person in charge of the processing, in addition the specifications shall state:

a) The purpose for which these data will be assigned.

b) The obligation of the future contractor to submit, in any case, to the national and European Union regulations regarding data protection, without prejudice to the provisions of the last paragraph of section 1 of article 202.

c) The obligation of the adjudicating company to present before the formalization of the contract a statement stating where the servers will be located and from where the associated services will be provided.

d) The obligation to communicate any changes that occur, throughout the life of the contract, of the information provided in the declaration referred to in point c) above.

e) The obligation of bidders to indicate in their offer, if they plan to outsource the servers or services associated with them, the name or the business profile, defined by reference to the conditions of professional or technical solvency, of the subcontractors to those who are going to entrust their accomplishment.

Finally, the ‘Royal Decree-Law’ includes a transitional regime in relation to the various modifications made.

Nou 'Real Decreto-Ley' publicat al BOE de 31 d'octubre

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_12072629_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Subscribe and receive news and updates

FlashTICSS newsletter

About the foundation

Constitution

Board of Trustees

Digital assets for citizens

Social area

Personalized digital attention

Professional skills

eHealth

Digital medical image

Social and health integration

Artificial intelligence

Interoperability

Active

Finished

Us

AIPD tool

e-Learning

Contact

Contact

News

Agenda

Visions

Newsletter

About regulating electronic identifications of public administrations

Author: TIC Salut Social / 17 of December of 2019

17 of December of 2019

Nou 'Real Decreto-Ley' publicat al BOE de 31 d'octubre