
Two years ago, the bill on the so-called Once-Only principle was tabled by Digitalisation Minister Stéphanie Obertin. It is designed to make the exchange of digital data between state administrations possible and, in doing so, to lighten the load on citizens who have to jump through the same administrative hoops time and again.
As good as the idea may be, a number of legal concerns have arisen, at least according to the Council of State's opinion published last Friday.
It is a familiar frustration. As a private individual or a company, you often have to supply the same information again and again in administrative procedures, whether with the state or with municipalities, all of which takes a considerable amount of time.
Once-Only is meant to make life simpler. Minister Obertin already tabled a bill in 2024 to set up a legal framework to govern the exchange of data between the state, municipalities and citizens.
Yet what makes life easier on one side has to be properly framed on the other, and that is where things get tricky. As it stands, the legal text allows for a relatively free flow of data between so-called public entities. That runs into difficulty on several counts with the well-known European GDPR, which requires data to be kept to a minimum.
Data may only be collected, consulted, or passed on where a specific reason for doing so has been established. If every administration can share citizens' data with every other without a tighter legal framework, that principle is undermined. On top of that, the Council of State also points to a number of legal uncertainties.
The criticism is that the text does not spell out clearly enough which public entities can exchange which data with which others, and in which cases. The legal text suggests this should be dealt with through protocols or even Grand Ducal regulations. For the Council of State, however, it is clear that this must be spelled out in law.
The Council of State has a number of suggestions on that front. Since the text is exceptionally broad, it proposes that data-sharing should initially be limited to central state administrations, in other words leaving municipalities and other public bodies out for now. A clearer legal framework would also be needed to set out which categories of data can be exchanged, under which conditions and for which reasons.
All of this is, of course, a very simplified account of the opinion. In an era of ever-deeper digitalisation and artificial intelligence, it is often said that data is the gold of the 21st century. It is better, then, to handle it with a little more care. That, at least, is one way of reading the Council of State's opinion.