 So, I take the first question, Dave. Hi, I'm Dale Sondland. I'm Deputy Data Protection Commissioner. I do both of your presentations. Thank you, Sim, especially for outlining what you're doing at Stony. I'm pleased to say I'm traveling to Stony next week for your data protection conference. So I'm very excited after seeing that. I think it's very positive, progressive, what you're doing. And I was really interested to hear you say, talk about trust of citizens and transparency for citizens. I think the debate we've had in Ireland over the last week draws out the essential aspect of transparency about how data is collected, processed and used across government for very legitimate reasons which you've talked to us about. And that's where, as the regulator here in Ireland, we're coming from. So I wonder, could you elaborate a little further about how you achieved that transparency for the citizens, please? Well, it all starts really from, I guess, the principle that we all actually are to share, right, which is really that people always own the data, us as governments, we own custodians, right, in a particular information system setting. And for us that meant a few things. Well, first of all, we said, okay, well, what's the, how to actually make this happen, that it wouldn't be just, let's say, high-flying legal principle and, you know, and I could effectively get that sort of, you know, I could get it affected through the weeks of procedure through data protection agencies. But actually, is it actually a technical trick? We could also enable this immediately. And that's why we built it into the systems themselves. Yes, in my health record, in our patient portal, I can go in and I can, so exactly as a logbook function, I see who has been, let's say, looking into my data and stuff. If I then have a problem with it, then I'll go exactly to your colleagues in the country and the regular process follows. Similarly, in our case, of course, we do also have to follow that data can only be used if, you know, for a specific purpose. But then again, we've used the law a lot to define the purpose a bit more widely perhaps. And that's also what we see like a public consent. If the regulation allows us for data sharing, then we have a good legal framework to do that with, right? But secondly, we then give still people the option to opt out. If they don't like it happening again, they can basically go into online service themselves and stop this very briefly. In our electronic health record, again, for example, for every medical bit about my case, I can say, block this to the next doctor or block this to my wife, even then. Because now in my case, she has the authorization to view my things that act on my behalf if necessary. But again, I have the actual effective control bit by bit in that sense, you know, what is really happening with my data. So that sort of is where we come from and then how we like that. We now like to bring this to all of the data that has about us, exactly in the GDPR, sort of fashion and sense. Barry, would you like to come in there? Yeah, I think I guess one of the difficulties about the debate that we've had this week is it's a little bit chicken and egg. I mean, you have to earn the right to share citizen's data and you have to earn their trust. And where we're trying to go with the government strategy is exactly along the road that Estonia have travelled and other countries across Europe that people should be able to log on to a portal using their MyGov ID and see all the data that we hold about them and how that data has been used. Unfortunately, because the argument has been either not fully articulated or improperly represented, take your pick, we have a situation where people don't understand that this is actually a driver to achieve that. So when you hear people writing in the papers or saying in the media, but I know a case of a guard looking at information that they should have done or someone in welfare looking at the information they should have done, they're losing the point that it's the ability to create an audit trail of those accesses will stop those people looking at data and will therefore increase that level of trust. I used to think it was very ironic that all the major data breaches came from manual systems and yet the view of the public they've been led to believe is that joining up data electronically will actually increase the number of data breaches but yet we don't really get electronic data breaches and we don't get them where the systems are fully transparent and that's where we've got to go to. Thank you. My name is Owen O'Dell. I'm an Associate Professor of Law and Trinity. I had what I thought was a very good question but Dale just asked. So I'm going instead to ask two small questions. One to Paul, just picking up Barry's point, which is how have the rest of the Nordics and Baltics responded to the recent data breaches claiming to government ministers in Sweden? And secondly, a question for Sim, which is, is there something to be said that Estonia was able to do what it did because of its size, that it was able to do it because it was small, that it would have been a much harder job to do if it were bigger, that's why perhaps it hasn't happened in Sweden, sorry, in Finland, the example that you gave, and why it might be so difficult to make it happen 100 times bigger or 200 times bigger on the EU scale. So data breach in Sweden how do you grow from Estonia bigger? The question to me was about Sweden. I think we, I mean, all our countries have both discussions and challenges and there have been media reports on breaches that have been, that should have been there. We've had in the health sector discussions about outsourcing of information. Is this patient information or not? How many people have seen it? Would it be safer to do it in the country and not outside? What are the rules and regulations on this? So that I think we, it's a trust challenge for our government because although I agree completely that things are basically safer in managed electronic system where you have implemented these security safeguards, the perception is that changing things creates a new risk and is becoming more complicated and it's our job to gain the trust and to show that and not make the mistakes too. And when they happen be completely open and transparent when it comes to what has happened and what we are going to do about it. One side of having an election next week is that there's now a debate at home on data breaches when it comes to election security. We do not have the Estonian system of we decided not to have that because we want people to be in the voting booths but there is equipment connected to the internet for counting the pieces of paper and so on. And in a way it's a bit lucky we don't have completely electronic elections now because there have been raised some questions on the security in the counting system. So I think the last decision now is that there will be a manual count in addition to the electronic count to be completely sure. All the experts on security or most of them say that the risk is low. This is kind of a chain of different things and very much has to go wrong for there to be a major problem and then you would see it because there would be something strange with the results. But I mean this is a trust thing and it's getting more and more important for us to convince people that this is safe and I mean we have to do that and I think we'll be completely able to do it. And of course the consequences when something goes wrong it's easy for IT people to say that well it's safer than the manual system. The consequences when things are wrong are very dramatic in a digital system because you can reach very widely in a very short time. So I think all our governments are very into cybersecurity at the moment and working on that. Thank you Paul. Stay in there. Just very briefly continue and I'll get to the second question you had. But I think in a good way at least when it comes to this actually the CIO community among countries we all try to learn from each other's mistakes as well. Like Keeling let's say actually trying to sort of see the things that went wrong in Sweden or other places. And I mean not commenting on Sweden now but overall what we see and this is a more general point I mean usually incidents happen not because of technological failures although they can happen too but it's really let's say human errors or even sort of lack of lack of what I would say lack of right activity or basically it's something they neglect to do. That's what I cry. The other island next door was so badly infected just upgrade the bloody windows environment for example. So that's that. Okay so the second point the interesting thing is that when we actually look at governments especially I would argue of course in the European Union setting we are actually very similar size in terms of the functions we carry out so the things we do. We bold to say this is we work with a number of countries you know exchange practice and experience and again taking UK for example when they mapped their services out when GDS and the cabinet office was in full swing then you know we took a look and we compared actually we run about the same number of things we do right so and so the scale of our operations in the sort of scope of them so that means effectively the digitization challenge in the processes we have to change is very similar. The difference the size gives is the number of lines in the database and that's pure computing power but size might also mean other things the bigger the country usually the more complex the governance and the complexity of decision making is really what does the trick and the change right so how easy it is to basically agree on things and secondly I guess in the other factories it's so yeah how much is there a willingness to take risks with you mentioned so to try things out even if you're on a limited scale and then get going from that so that I see is a bigger differentiator readiness basically to make decisions and the risk that goes with that or not Johnny My name is Johnny Ryan I work at a company called Page Fair it's hopefully a progressive ad tech company those words don't always go together I have a question that's a design question I think it's also a privacy question and it comes from both GDPR and the privacy regulation in the GDPR there is scope for the commission to adopt a delegated act on iconography and this is supposed to produce standardized icons that educate the public about their rights and should in theory make the user experience of actually having real privacy choices work across the web so I'm getting into a detail I recognize it's a small detail I can see from inside the online media and advertising industry that there is I think a movement in the direction of the industry being quite happy to come up with bad options just like with the ePrivacy Directive they'll be quite happy if there are things that don't work very well but work just enough and if one were to wait for industry to come up with solutions to the iconography huge design challenge that could make the web work or not work one would be waiting a long time and so what I wonder is rather than wait for them to complete their game of chicken which they're now playing what is happening there and it seems to me that the success of GDPR and partly, actually majorly of the privacy regulation when it appears is going to rely on this design challenge and that would be a very very good focus for people to be thinking and talking about six months ago and maybe they are but no one I know in industry is aware of it and I'm not either and I know it's a detail but I think it's important but you are indeed I have to now order to my memory have all the articles in my place it was more of a comment a question I would agree in the sense that both what the GDPR and the privacy want to do is that they want to enforce privacy by design essentially these are the measures that we try to push the fact that by design browsers are set in a way that they protect people's private data and people have always right to opt out from these settings but they then need to make a click somewhere some service providers won't like it because they think that it hinders the ability that they now have set up their market designs to advertise gather money from advertisements or whatever but I think the main principle should be non-changeable that we have privacy by design we can talk about the technical details to make it work I'm not the one who believes that Europe as an entity should now come up with privacy markers I think it would be best if the private sector itself could self-regulate and perhaps think about something but we have the ability and in the GDPR to act if the private sector does not do that you call it a chicken game we'll see we still have a bit less than a year when GDPR kicks in what we are now trying to do is to make sure that once the deadline is reached then it isn't like we should start running but actually the track is not there the track should be there in this sense you're right and I think what we are now looking very keenly the science from industry how they plan to implement these minor details but I think you're right very important details for basic user so that they can whenever they go to digital space they have these markers that they understand that now if I do this I give a bit more a way than in another track I have four more questions thank you thank you very much for very interesting presentations my name is Teklin DC consultant with the World Bank former director of the Commission in the Informatics Directorate General where I was responsible for corporate information systems and the ESA program including EIF I have a question for Mr. Lavazer for data for a free movement of data a fundamental issue is that it has a solid legal basis the same as the other four freedoms that implies treaty change how is Mr. Ansip to address this issue second question is how important next year will be in terms of trust and security not only for the general data protection regulation but also for EID and identification service regulation both of these will come into force and these will be fundamental pillars for the trust and security of the digital economy so my question is is the Commission preparing an awareness raising campaign for the general public on these two regulations and the question could also be answered by Barry and Sim and the third question relates to the once only principle because at the end of the day once only implies national base registries which have really important criteria in terms of confidentiality integrity and availability of these base registries for sharing across border in particular and to what extent are these base registries being implemented in terms of your data policies and your information infrastructure policies in the three states that are represented here today so would you like to add as briefly as you can I'll do it very quickly Mr. Ansip has not in his mind to propose that we should change the treaties and the principles of free movement of data are already there through the principle of free mode of services the freedom of establishment etc. is the issue of implementing these treaty principles in the digital era so we don't see that we need to change the treaties what we need to do is to implement the principles in the digital era as if they were there I can pick up from this again as Estonians we also speak about the effect with the fifth freedom also in our case we are not speaking to the treaties we are seeing so many practical things we can actually do to make it effective as a freedom like that second question was about the EID from our government perspective we don't wait for the commission to act on this that's our job to make sure that the EID are in the country and used right way and people are aware about this so we are indeed in the planning how to make this understandable especially because I have to say that on the EID it gets a bit more complicated compared to what we used to have domestically but that's fine that's the tradeoff third thing in Estonia for us the answer is easy we basically work like base registers anyway for us every registry essentially is a base registry in this conceptually it's built up this way we are seeing the source of truth each one of them and the last point is that that's exactly one of the points among many in the declaration for e-government ministers through the presidency that we tried to say we'll start working in this direction Michael Walch is my name I'm a graphic designer living in Estonia originally Irish a question for Barry Lowry given that the Estonian system is based on everybody having an ID number from birth an ID card with a digital signature and having broadband throughout the country how long do you think this will be before there will be broadband in rural Ireland and that the Irish would be willing to accept an ID card how many decades one or two briefly of course that's a good question Michael to finish sorry I'm going to take the three together do you mind because of the time thank you very much to the panel for some very interesting presentations a question for you living in Belgium complexity of government is not necessarily commensurate with size of the country if you were as you introduced your presentation actually fitting into Barry's shoes right now and you were advising the Irish government to try something out along the Estonian lines that you mentioned what one measure that Estonia has implemented would you go for thank you it's just a quick point of information picking up on Johnny's issue about privacy design and icons I can just give an update from the article 29 committee of the European data protection authorities we're drafting a paper at the moment on transparency which is we hope to cover some of those issues Ireland is actually leading on the drafting of that paper what it means what the transparency principle under GDPR means and also next week we understand the presidency of the working group will announce the industry consultation fab lab session in Brussels in the coming period so just a small point of information which might be of interest to you Johnny so there's two questions Barry you're the first one how long you're asking I guess two different questions I mean obviously the broadband issue Michael is one that the government is working through there's plans to address that but obviously there's many infrastructure questions being asked of the government and many demands on the overall budget my minister would require me to say that so the answer is as fast as we can go that's not a satisfactory answer I know but there has been substantial progress made there's work going on with the telecoms companies in Ireland to maintain that level of progress but here I may want to pick up on that after I've spoken in terms of the actual card itself this is about persuasion it will not be legislated in this country to demand people to have a public service card now let's get into the semantics because that was the big issue this week obviously more and more state services will require a person to use my gov ID they'll need a PSE card so over a period of time a large and growing proportion of the population will have a PSE card now people have used the term by force we've carried out an awful lot of public consultation in the 18-34 bracket over 80% of the people absolutely support the concept of public service card not surprisingly because they're the people who've already given privacy details the Amazon, Google, you name it so we're going to see a voluntary take up of this I mean even in the last three days the intros have been overwhelmed with people going to get their public service cards I think an element of that is actually people voting with their feet and saying well we believe it's a good idea now we're going to go and get them so we're going to get the point I think we're going to probably get close to saturation in the right way and that's through having a compelling argument and persuading people that it's the right thing to do and I think we've seen in the last two or three days a lot of people stand up then they believe that too Thanks Barry and your one piece of good advice given how let's say Kim we are on data sharing of course I would first be inclined to say look I mean it goes strongly with data sharing and the governance of the League of Framework and figuring out the platforms for that but actually the biggest impact through the years that we have seen came from electronic signatures I mean we save we sort of estimated the back of the envelope but we save at least the work week for every employed person just by signing things digitally throughout the whole economy not just within and with the government and that by the way signatures and the way to do that electronic is so essential also again for the digital single market to work that's why ADAS is there that you know if there are digital signatures we can you know cross use them but they have to be there so basically in that sense you know I'm sharing also for that part to become what the plan has as soon as possible I'm hearing a whole lot from our communications I think Sim has talked about how quick it is to get through an online application in Stony and I think congrats to all the speakers are you going to say it in terms of what we got through today in terms of a very short presentation fantastic in terms of broadband really clear government policy it's 100% of people with access to high speed broadband 2015 we were at 51% in Ireland end of next year we'll be at 77% and of those on the question of rural Ireland 300,000 of them will have access to fibre to the home of a product would you say 150 megabits per second and by 2020 we'll be past 90% so we're in the procurement process this month we get the detailed solutions from next stage is final tender so we're getting there we'll get there quickly thanks then just on your behalf to thank all the speakers I think we covered such a wide range but so clearly presented and with great passion and feeling and I think if there's anything besides the detail that we can take out of this session that it all starts with the vision and strategy and ambition and if you don't have that you will never deliver and underpinning it then I think the incremental practical communication the building blocks and underpinning all of that is trust and transparency and also I doubt good communication because it is the future it's going to happen and how do we bring along people I think Barry said people go with their feet if they want to they'll come and get the service but we have to see be patient and show what that vision is and we're really really privileged today I think to have four leaders present with such clarity what the future is like and what is possible so thank you all very much