Adopting “Once Only” in the German Government — A Citizen-Centric Approach
Adopting a Once-Only policy, allowing federal ministries and agencies to exchange data to deliver services, creates value both for governments and citizens. It makes citizens’ interactions with the state easier — instead of having to provide the same information multiple times to different agencies, they can consent to an agency to store their data and request previously collected data from other agencies. At the same time governments save on the time and resources it takes to request the same data multiple times and store it in different locations.
Once-Only policies typically require governments to set up a mechanism that identifies citizens across services. For merging data collected across government agencies, governments typically issue a unique identifier, such as a national ID. This identification mechanism, together with a data-sharing mechanism, are the key ingredients to Government as a Platforms approach. Therefore, adopting a Once-Only policy is often seen as a vehicle to transform how a government operates, yielding benefits beyond applications of Once-Only.
However, a unique identifier poses risks to citizens’ privacy and may be illegal in the German context. A common identifier across services lowers the barrier for government actors to merge citizens’ data for purposes other than delivering the service the citizen requested even if it is illegal. While previously combining data was impeded both by the law and technical hurdles, now the law is the only remaining security layer. And the effective protection provided by the law may be weak, given civil society has little visibility on government IT processes. Further, a unique common identifier used across services may not be constitutional in Germany based on past rulings of the Federal Constitutional Court.
Issuing a unique identifier to implement Only-Once is also an inherently government-centric approach that risks undermining the social contract between citizens and the state. Providing citizens unique identifiers across services helps the state “see” its citizens — it is akin to historic processes in which the state assigned people last names to identify them for taxation. Currently citizens share their data in the belief that it will not be used against them on other occasions. Therefore, the possibility that governments combine citizens’ data against their will may seriously undermine citizens’ trust. Further, the common identifier also weakens the protection the state can offer from foreign actors. If foreign state or non-state actors steal government data (the recent attack on the German Bundestag serves a warning), a unique identifier allows them to compile and misuse comprehensive profiles of citizens.
Instead, the government should adopt a citizen-centric Once-Only policy. It could work as follows: government and citizens keep current their domain-specific identification mechanisms (e.g., social security ID, passport ID, etc.). If they request a service from, for example, the social security office which requires information from the registration office, citizens can, if they want to, authorize the social security office to pull the data from the registration office. To do so, on the website of the social security office, a window by the registration office opens. Citizens verify their identity to the registration office with their passport ID, and subsequently, the form on the social security website is populated with the information from the registration office. (This process is similar to one often used in e-commerce — for paying online in an online store, customers verify their identity to their bank rather which then provides payment information to the e-commerce website).
The citizen-centric approach gives citizens both ownership as well as responsibility over the data. With the envisioned approach, data sharing happens on a case-by-case and opt-in basis. Citizens can selectively choose which services they want to connect. Further, even if actors insider or outside the government try to illegally combine data across different services, domain-specific IDs represent an additional security layer. The information that connects disparate data is stored decentrally, i.e., with the citizen.
The new data strategy, combined with increased funding, provides the political opportunity to adopt a user-centric Once-Only policy in the German government. The German government is currently developing a new data strategy. An already published concept note lists enabling data sharing within the public administration as one of its objectives. At the same time, the stimulus program launched in response to Covid-19 provides an additional billion in funding for digitalizing government services. Privacy concerns are traditionally very strong in Germany. However, a Once-Only policy that combines a joint data sharing mechanism with separate identification mechanisms has strong built-in privacy protection and thus is likely politically supportable in the German context.
This blog post was was written in response to an assignment for the course DPI-662 Digital Government: Technology, Policy, and Public Service Innovation at Harvard Kennedy School.
