AD ALTA
JOURNAL OF INTERDISCIPLINARY RESEARCH
The only legal act defining the term public administration
electronic service is Act No. 275/2006 Coll. on Information
Systems of Public Administration (hereinafter referred as the
“ISPA Act”). In accordance with Section 2 (1) (s) of the ISPA
Act are public administration electronic services defined as
“electronic form of communication with liable parties
25
in the
handling of submissions, notifications, access to information and
their provision or public participation in the administration of
public affairs”.
It is necessary to point out that it is clear from the definition of
the term public administration electronic services pursuant to the
ISPA Act that the term in question does not apply only to
decisions relating to rights, interests protected by law and
obligations. The term in question defined in the ISPA Act
includes submissions, notifications, access to information and
their provision as well as public participation in the
administration of public affairs. It can be said that in the case of
the ISPA Act definition of the term public administration
electronic services, there is a wide range of acts that can be done
by persons in electronic communication with liable parties.
It is necessary to bear in our minds that not all public
administration electronic services are relevant in the context of
the eIDAS Regulation. Only those public administration
electronic services are relevant where the identification and
authentication of a person is required by use of an electronic
identification means to access such a service. In the Slovak
republic can be relevant at least those online services that we
authenticate with an electronic identity card.
26
4.2 Slovak online service
In order citizens of other Member States could use online
services provided by Slovak public sector bodies
(hereinafter
referred to as the “Slovak online services”), successful
authentication through their national electronic identification
means is required. The eIDAS Regulation does not explicitly
specify to which Slovak online services can citizens of Member
States authenticate themselves.
In my opinion, only those Slovak online services can be
considered where identification and authentication are required
and to which we can authenticate through the Slovak electronic
identity card.
As mentioned above, successful authentication into Slovak
online service by citizen of another Member State does not
automatically authorize him to use of such a service. The access
to online services and their final provision to the applicant is
connected with the right to use such services under the
conditions laid down in national law. In these cases, we talk
about authorization. Successful identification and authentication
is a prerequisite for authorization. Authorization is the
permission to act in accordance with the privileges that are
attached to that person.
In the light of aforementioned, it is necessary to select Slovak
online services in two ways. Firstly, it is necessary to define
Slovak online services where identification and authentication is
required. Secondly, Slovak online services that can be really
provided to citizens of other Member States have to be defined.
As mentioned before, in many cases a legitimate condition
(permanent residence, nationality, etc.) is established and such a
condition prevents actual provide of such a service.
27
25
The list of liable parties is stated in Section 3 (3) of the ISPA Act. These parties are
also known as administrators of information systems of public administration.
26
The most used official authenticator in the Slovak Republic is electronic identity
card. Such an authenticator is made up from identity card and electronic chip. More on
the issue of electronic identity card in: ANDRAŠKO, J.:
Elektronický občiansky
preukaz a iné spôsoby autentifikácie pri prístupe k elektronickým službám verejnej
správy. In QUAERE 2017. Hradec Králové: Magnanimitas, 2017, p. 235-244.
27
The conditions for using a particular Slovak online service by citizens of other
Member States must not be discriminatory. I advocate that we can restrict access to
Slovak online services for the purpose of determining the condition of permanent
residence, nationality, etc., if this is not contrary to European Union law.
4.3 Assurance levels
Security in public online services is one of the key factors
affecting the use of pertinent services. Security aspects do not
represent only a technical dimension but also a legal one.
According to the eIDAS Regulation, specific levels of assurance
(low, substantial or high) shall be established for:
a)
electronic identification means,
b)
public online service,
Ad a)
There is a methodology for determining the assurance for the
electronic identification means in the Slovak legal order, in
particular Annex no. 6 of Regulation No. 55/2014 Coll. on
Standards for Public Administration Information Systems
(hereinafter referred as the “Annex 6”).
28
Aforementioned legal
framework is out of date in the Slovak Republic and in contrary
to the eIDAS Regulation. The eIDAS does not contain
provisions that would interfere with the national methodology
for determination of the assurance levels. However, it would be
appropriate to repeal the Annex No. 6 and replace it with a new
methodology that would duplicate the methodology for
determination of the assurance level under the eIDAS
Regulation.
Ad b)
Under the third condition for mutual recognition of electronic
identification means, the relevant public sector body uses in
relation to access their online service assurance level substantial
or high. This condition implies that the relevant public sector
body and thus the Slovak online service provider is obliged to
set a specific assurance level for access to the online service. In
general, different assurance levels may be set for access to
different Slovak online services. The eIDAS Regulation does not
specify how the assurance level for a particular online service
should be determined. The procedure for determination of the
assurance level for access to the online service should be
regulated at national level.
In that regard, it is necessary to find out which electronic
identification means is used for purposes of identification and
authentication to a specific Slovak online service. After that, the
assurance level of electronic administration means will be set.
In practical terms, for Slovak online services where
authentication can be made only by an electronic identity card,
the assurance level will be set at a high level, as it can be
assumed that the Slovak electronic identity card should have the
highest assurance level according to the eIDAS Regulation.
Another situation can arise in cases where it is possible to
authenticate to particular Slovak online service by another means
(e.g. name and password). Here is a lower assurance level.
In the case if it is possible to authenticate to particular Slovak
online service by an electronic identity card (assurance level
high) and at the same time by another means (assurance level
substantial) the final assurance level is set according to the lower
level.
The eIDAS Regulation does not define specific entity which is
liable for determination of the assurance level to particular
online service. I believe that in the case of the Slovak Republic,
the entities in question should be the providers of Slovak online
services.
4.4 Sanctions
The legal order of the Slovak Republic will also have to deal
with the legal liability for non-compliance with the eIDAS
28
This methodology refers to the repealed Act No. 215/2002 Coll. on the Electronic
Signature and to amend and supplement certain acts and to the STORK (Secure
idenTity acrOss boRders linked) methodology, which refers to the repealed Directive
1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a
Community framework for electronic signatures.
- 12 -