2. Communications between social security institutions and the citizens
Whereas EESSI is intended to contribute to the digitisation of cross-border communications between social security institutions, the following digital technologies apply to the relationship between EU citizens and social security institutions and are intended to complement EESSI.
a) European social security -number
An initial initiative covering the introduction of an ESSN (European Social Security Number), was announced by the EC president, Jean-Claude Juncker, in 2017.
All EU citizens should receive a unique social security number, which should be valid as a uniform, cross-system identifier in all member states. It should enable clear identification of people and a quick check of the social security status to be made across national borders and it should also contribute to avoiding errors when exchanging data and combating abuse when claiming social benefits.
Effort was disproportionate to the benefits
The EC‘s initiative to introduce an ESSN was ultimately stopped by the Regulatory Scrutiny Board. Being an independent body, this Board advises the College of Commissioners and provides quality control for impact assessments drafted by the EC and assists in evaluating existing legislation. After the impact assessment was presented, the Board concluded that the need to introduce an ESSN was not sufficiently justified and that the effort was disproportionate to the benefits.
Whereas the introduction of an ESSN and the objectives it would pursue seemed interesting to social security institutions at first, it also raised a number of fundamental questions. Even “embedding” it in the very different structures of the social security systems used in the member states would have been a very complex undertaking. Other aspects, such as the question of who assigns the number, how duplications could be avoided, where would the data be stored and how would it be protected, would also have to be clarified. In Germany, it would also have had to be clarified whether the collecting of such sensitive data under a uniform identifier would be compatible with the “census judgement” of the Federal Constitutional Court. At the time the judges declared that providing a data network of sensitive data through a uniform personal identification number was unacceptable.1
The EC then rejected the ESSN project. Not because the aim of digitising the coordinating of social security systems or combating social fraud was superfluous. On the contrary, the EC concluded that the ESSN was not the most economical solution to realising these objectives and that its introduction would intrude into the realm of private data. Digital technologies have long been available that enable the same objectives to be realised more efficiently and with less data intrusion.
b) European social security pass
As an alternative to the ESSN, the EC proposed, in March 2021, introducing an ESSP (European Social Security Pass) by 2023 as part of its action plan for implementing the European Pillar of Social Rights. It still wants to solve two problems: firstly, being able to uniquely identify a person and secondly, being able to verify her or his social security status. The ESSP will take a different path even though the ESSN would have combined both aspects.
European digital identity and -ID-wallet
Whereas a person will be identified via the EU-ID (European Digital Identity), the ESSP, which will be stored digitally in a so-called “ID-wallet,” should enable the relevant actors and labour inspectors to digitally check the social security status as well as benefits and entitlements for mobile EU citizens in real time once they have been identified.
In June 2021, the EC presented a proposal for an amendment to Regulation (EU) No 910/2014 in order to create a European digital identity system. This should be available to all EU citizens and enable them to digitally identify themselves with just one click on their mobile phone and also be able to save and manage official documents – including the ESSP – in electronic form in their ID-wallet. This would ensure that they always have full control over the data they pass on.
The ID-wallets will be based on national systems, provided that they already exist, and are to be issued by the member states within twelve months of the proposed regulation coming into force. EU citizens would receive their ID-wallet in the relevant member state and could download and use it on their personal smartphone or other device.
According to current concepts, the ESSP could be based on “Blockchain” technology. A blockchain is a technical solution for managing data within a distributed infrastructure through consensus in a comprehensible way that eliminates any data manipulation.2 As opposed to the ESSN, the ESSP will do away with the need for a central data repository. Such a solution is being developed by EBSI (European Blockchain Services Infrastructure). EBSI is a joint initiative between the EC and the EBP (European Blockchain Partnership) for providing EU-wide cross-border public services using blockchain technology. In addition to other cross-border services, such as certifying documents or exchanging certificates, the ESSP will be an EBSI application that is currently being worked on.
ESSP pilot project
In order to evaluate the feasibility of a digital ESSP solution, the EC launched a pilot project with the Italian “Istituto Nazionale della Previdenza Social” (INPS), the largest public social security institution in Italy, at the beginning of 2021. In addition to Italy, which is actively implementing the pilot project, Austria, Croatia, Hungary, Germany, Greece, Malta, Poland, Sweden, the Netherlands, and Slovakia are also involved in the project as consulting experts.
The pilot project should be completed by 2023. The initial phase will run until 2022 and it deals with digitising the procedures for issuing and controlling the portable PDA1 document. Other components such as the EHIC (European Health Insurance Card) will be tested during the second phase, which will run until 2023.
There are still many open questions
Introducing an ESSP sounds attractive from the point of view of the social insurance institutions, as it pursues the same objectives as the ESSN in conjunction with the EU-ID. In addition to enabling EU citizens to communicate with social security organisations in an efficient and fraud-proof way, the ESSP could also allow a person‘s social security status to be determined and any social security benefits and claims to be verified without the need to create a central repository for sensitive data. EU citizens would still have control over their own data, which would be available online in real time via a mobile phone app or an alternative method.
However, the project is based on the still to be implemented EU-ID and the ID-wallet. These are imperative conditions for introducing the ESSP. It seems doubtful whether both can be implemented in the near future, even if the experience from the COVID 19 pandemic shows that digital solutions are currently being boosted by a “tailwind”. A comparison: currently, only around 60 per cent of EU citizens benefit from the option of cross-border electronic identification that was already introduced in 2014 under EU Regulation No. 910/2014 covering electronic identification and trust services for electronic transactions within the internal market.
MEPs of the Employment and Social Affairs Committee also seem to be concerned about the time aspect. In their resolution of November 25, 2021, the MEPs not only point out that the European Parliament had already called for a legislative proposal about an ESSN in 2014 but also call on the EC to be more ambitious in terms of content and timing so that a legislative proposal for an ESSP can be presented by the end of 2022.3
There are still questions to be clarified with regard to data protection. The European Data Protection Supervisor points to concerns about compliance with the GDPR if blockchain technology is used, such as the transferring of data outside the EU and the impossibility of deleting or correcting entries in a blockchain. He also warned that blockchain technology may not be suitable for all EU-ID applications and that more protective measures will be needed.4
The ESSP project is still in its early stages. It remains to be seen to what extent conclusions will be provided by the pilot project. This is all the more true as the participating member states, apart from Italy, are only participating as experts with observer status. However, this will be of limited value without active participation in testing the technology as well as studying national characteristics, available capacities and existing barriers.
c) Single digital gateway
Another module in digitising the communications between EU citizens and social security institutions is the SDG (Single Digital Gateway). The purpose of the SDG is to create a uniform European portal for data and the digital handling of specific administrative procedures within the EU. This portal should also include an overview of essential rights and obligations under EU law. A platform called “Your Europe” acts as the SDG‘s access portal and it is the standard digital point of contact between EU citizens and the public administrations of the member states, including the social security institutions.
Well on the way, but still some way to go
The citizen portals belonging to all member states have been bundled into the common EU portal since the end of 2020 and this allows EU citizens to search in all EU languages and access national portals. Selected procedures should be fully usable online by the end of 2023. In the area of the coordination of the social security systems this will include requests for the portable PDA1 document, the EHIC and pensions of mobile EU citizens.
Many European social security organisations already provide a lot of relevant information online, such as health insurance coverage, unemployment or retirement pension information in keeping with the SDG requirements and they are working to have all of the above procedures set up online by 2023. Implementing the “once only” principle is proving to be especially difficult. Commission implementing acts providing the technical specifications for the implementation of the principle are still pending. The purpose of the “once only” principle is to ensure a one-off provision of data that public administrations can reuse and share with each other in compliance with the data protection regulations