Identification versus anonymity in e-government CONCLUSION

Conclusion

The medical sector requires more and more data for statistical purposes. The privacy requirements have to be fully integrated in any infrastructure dealing with e-health. But loyalty cards, credit cards or cellular phone operators collect large amounts of information about customers too. Such information can be used for accessing health-related information. For instance, Mrs. X has bought a pregnancy test; Mr. Z was in the left wing of the hospital at 10:00 am and had a scan two hours later, hence he probably has cancer. Such indirect health data have a similar level of confidentiality and should be treated as such by their owners. This risk can be excluded by systematically anonymizing data. 

The approach described in this chapter shows how cryptographic methods and non-identifying pseudonyms can, in special situations, be used to guarantee to some extent that identifying information cannot be used for purposes other than originally intended, while still allowing for statistical information to be drawn from the whole set of data. This is a relevant finding for the purpose of this deliverable, since it shows that identification data need not necessarily be processed even when exploiting new opportunities of electronic data processing.  

Governments can exploit the potential of ICT to improve service delivery for citizens in eGovernment, but it is not always necessary for governments to process and store identifying data. For certain purposes, the identity knowledge of governments need not necessarily be enlarged, which is particularly relevant if sensitive data – such as medical data – are concerned. The technical approach sketched in this chapter could therefore be used in and adapted to new fields of application in public service delivery, as a privacy-enhancing technology.