Civil society benchmarks

A future-proof register modernisation

by SUPERRR Lab

Download PDF

The German Register Modernisation Act is at the heart of administrative digitalisation in Germany. It aims to link together 51 public administration registers containing personal data and so form the basis for improved administrative services. It is therefore important, in addition to administrative requirements, to consider the expectations of the public right from the start – ranging from security aspects to availability right up to service orientation. As a wide-ranging, foundational project for long-term administrative digitalisation, it must also be set up for possible future changes.

This recommendation paper sets out a series of benchmarks that register modernisation and administrative digitalisation must meet to be socially responsible and sustainable. These benchmarks were developed during a workshop with IT, administration, data protection and design experts discussing current and future requirements for register modernisation and considering multiple scenarios.

1. Ensuring security

Personal data security is essential. It must be optimally safeguarded at all levels, e.g., through the consistent use of privacy-enhancing technologies in all sub-areas of the networked database and application systems.

  • Clear usage aim: The register modernisation must serve the improvement of administrative data quality and service quality. Any other use must be legally excluded and prevented technically insofar as is possible.
  • Data minimisation: Authorities should evaluate their data pools and ensure data minimisation before registers are linked together.
  • Safeguarding against external attacks: Consistent transport and storage encryption within the system should protect against external attacks. As cryptographic procedures can change rapidly, they must be auditable and upgradable in a system that is intended to be used for decades to come.
  • Minimal internal access: Unauthorised requests by persons with access rights cannot be excluded and has taken place repeatedly in other contexts. Access rights within the system must therefore be designed minimalistically according to differentiated roles and logged (least privilege principle).
  • Modularity and reversibility: The EU Single Digital Gateway regulation proposes linking national registers and offering cross-border provision of services. However, the composition of the EU member states is subject to change. It is therefore necessary that future systems are designed to be decentralised, modular and reversible.
  • Steering data flows: Governmental IT infrastructure is already subject to attacks and the take-over of an access point cannot be excluded. It must therefore be possible to rapidly and transparently limit the rights of individual accounts and entire public bodies to minimise data outflow and inflow ofincorrect data.

2. Ensuring transparency

An official digital administrative system cannot be a one-way mirror; it must instead offer the people whose data is being administrated the greatest possible transparency.

  • Reasons for access: In addition to access itself, the authority in question and the reason for the access must be documented wherever possible and displayed in the data protection dashboard. The reasons for a data query must therefore be verifiable in the system.
  • Ability to intervene: People need an option to intervene in the event of a data query, ideally actively before transfer takes place. People need a clear process to object to implemented data queries that they consider to be illegal. An external reporting office for incorrect queries would be appropriate in addition to technical appeal mechanisms.

3. Ensuring usability

The configuration of the database and application system must always be human-centric and sustainable.

  • Accessibility: All end applications must be designed for accessibility: Both for administrative personnel and for people whose data is being administrated. In addition to the consistent implementation of the EuropeanAccessibility Act, multilingual content should be considered from the outset.
  • Service-orientated: The benefits of the system for the people whose data is administrated are essential for the technical design and must be considered from the outset. Clear design principles apply here (“designing with the public at the centre”); applications must be tested at the earliest possible stage by different user groups and evaluated during ongoing operation.
  • Provide alternatives: Self-confidence and competence in handling digital applications is not a given, nor is the actual possession of an end device. Applications must be equally available for mobile devices and desktop PCs. It is also essential for social equality reasons to provide equivalent non-digital methods of accessing such public services.
  • Administration that empowers: A significant proportion of state services are not accessed as users are not aware of such entitlements. This occurs primarily due to lack of communication or ignorance about entitlements. Users and social agencies should be able to check entitlements proactively and automatically across departments and responsibilities using machine-readable services and based on their requirements (push principle).

4. Ensuring functionality

The networked database and application system, which is the goal of register modernisation, is critical infrastructure. Functionality must be ensured according to clear criteria.

  • Secure identification numbers: A permanent cross-application and cross-register identification number is already no longer state of the art. This is why technically mature concepts that do not require a central ID should now be tested and used.
  • High availability: The networked databases and their applications are a part of critical infrastructure. They must therefore meet the requirements of high availability; transparent documentation is necessary to check that this goal is achieved. This also applies explicitly for commercial service providers.
  • Distributed systems: Public registers must continue to be stored in a distributed system for reasons of resilience. This includes technical and physical separation, but also – should private sector players operate applications based on this or even host partial databases – a commitment to open source and the promotion of a diverse range of providers through binding open standards.

5. Outlook: Designing the digitalisation of public administration and services to benefit society

The diverse and, to some extent, the hardly foreseeable requirements faced by a major digital project such as register modernisation clearly show: For administrative digitalisation to be future-proof, it needs to be designed consciously, transparently and for the benefit of society. How to succeed:

  • Design digitalisation with added value: If the digitalisation of public administration and servicessimply digitises existing administrative processes, it will remain stuck in the past. We need to grasp this opportunity to evaluate processes, simplify themand make them adaptable to changing framework conditions.
  • Broader consideration of impact assessments: Digitalisation processes involving administration in particular require a technical, social and legal impact assessment in advance, with open, clear objectives and involve civil society and academia.
  • Evaluation of framework conditions: Historically applicable legal framework conditions may sometimes no longer be appropriate in the context of digital services. One example is the obligation to have a postal address which structurally prevents homeless people from accessing the benefits they are legally entitled to.
  • Clearly defined public and commercial tasks: Administrative digitalisation may mean tasks that were previously solely in state hands being transferred to private sector providers. This should not occur randomly; it requires a differentiated debate.

Regarding the benchmarks based on civil society

The benchmarks, using scenario-based risk assessments, were developed together with civil society and administrative experts, drawn up by SUPERRR Lab and funded by the Robert Bosch Foundation.

Participants: Bianca Kastl (InÖG e.V.), Kirsten Bock, Molly Wilson (Superbloom) and other IT and administration experts, together with Corinna Vetter, Elisa Lindinger, Quincey Stumptner and Sayda Elarabi (SUPERRR Lab).

Methodological preparation: Futures Probes.

Subscribe to our newsletter and don't miss any updates and events!

Impressum

Angaben gemäß §5 TMG
Superrr Lab SL gGmbH
Oranienstraße 58a
10969 Berlin

Registereintrag:
Eintragung im Handelsregister.
Registergericht: Berlin
Registernummer: HRB 207856 B

Datenschutzerklärung

Vertreten durch:
Julia Kloiber
Elisa Lindinger

Kontakt
Telefon: 030 98 44 42 00
E-Mail: hello@superrr.net

Umsatzsteuer-ID
Umsatzsteuer-Identifikationsnummer gemäß § 27 a Umsatzsteuergesetz: DE325412174

Verbraucher­streit­beilegung/Universal­schlichtungs­stelle
Wir sind nicht bereit oder verpflichtet, an Streit­beilegungs­verfahren vor einer Verbraucher­schlichtungs­stelle teil­zunehmen.