Czech Republic Public Administration Data Sharing

Public authorities (PPAs) and private data users (PUPs) use data held in basic registers (ZR), data held in agency information systems (AIS) and possibly other data in the performance of their agendas. In order to ensure effective public administration, it is essential that OVM and SPÚU have a clearly defined set of methods and tools for data sharing, anchored in the overall eGovernment architecture.

Public administration data are data recorded by individual OVMs in their information systems. From the perspective of data sharing, it is important to divide the data into:

• data recorded in the Register of Rights and Obligations (RRO) in the context of agenda reporting (hereinafter referred to as registered data) and other data (hereinafter referred to as non-registered data)
• public and non-public data

For the purposes of this document, registered data means all data registered in the RPP when declaring agendas pursuant to Section 51(6)(k) of Act No. 111/2009 Coll., on the Basic Registers (ZoZR). In addition, the code lists registered in the RPP pursuant to Section 50(2) and Section 54(1)(a) of the ZoZR are referred to as registered data. Other data managed by OVM are referred to as non-registered data for the purposes of this document. Non-registered data includes, for example, an aggregation of data recorded in the RPP used for statistical purposes, unless the aggregation itself is recorded in the RPP. It should be noted that unregistered data should be an exception. Data exchanged between OVMs must all be registered unconditionally. The aim is to minimize the set of unregistered data.

We refer to public data as data that can be read by anyone without access restrictions. Restrictions on the public nature of data are primarily based on Act No. 106/1999 Coll., on free access to information (InfoZ), and in particular on the protection of classified information, the protection of business secrets, the protection of confidentiality of property, the protection of personal data and other restrictions on the right to information under this Act, and secondarily the public nature of data is regulated by other special legislation. Non-public data are those for the reading of which authorisation is required. Authorisation is always required for the entry of data. Public data is indicated by the notifier of the agenda. The data shall be marked as non-public if there is a legislative provision from which the non-publicity of the data is clearly implied. Otherwise, the data shall be marked public. All dials are public without exception.

The classification of public administration data as shown in the following figure follows from the above.

Registered data are data whose existence is explicitly communicated by the OVM as the agenda notifier through the registration in the RPP. Registered data are offered for sharing by the OVM by making them available to the P Linked Data Pool (PPDF) and to the Public Data Pool (VDF) through the reference interface. Unregistered data is all other data. However, their custodian must keep in mind that it is not possible to circumvent the publication of data to the reference interface by not registering it to the RPP. The controller must justify the absence of registration of the data in the RPP. Unregistered data can be shared, using open access and controlled access.

• The PPDF access is used to share registered data (public and non-public) between individual OVMs and to make this data available to individual SPMUs for the purpose of performing their agendas, based on the read or write permissions registered in the RPP.
• Access to VDF is used to share public registered data between individual OVMs and to make these data available to individual SPMUs in the form of open data pursuant to Section 3(11) of the InfoZ. In all cases, it is a reading of data without access restrictions and therefore it is not necessary for OVM and SPMUs to obtain a reading authorisation and register it in the RPP.
• Controlled access is used to access non-public data (registered and unregistered) by anyone (i.e. individual OVMs, SPMUs outside the performance of their agendas and the public) for reading based on defined permissions.
• Open access is used for access to public data (registered and unregistered) for reading by anyone, without access restrictions, in the form of open data according to § 3 paragraph 11 InfoZ.

The data shared through PPDF and VDF are provided to the drawdown OVMs and SPUs through a reference interface with all the guarantees necessary for the exercise of public administration. The data obtained in this way shall be considered by the drawing OCPs and the SPMUs as formally correct (i.e. correct, complete, valid and up-to-date). Public registered data are shared by their controllers through the VDF. In exceptional and justified cases, they shall also share it through the PPDF.

Data shared through controlled and open access is provided without guarantees. Access to them is provided from the public internet, therefore they are more suitable for the public, although they can also be used by OVM and SPUÚ, but not for the performance of public administration, but only for e.g. analytical activities, in the design of their AIS, etc. OVM and SPÚÚ have to use these accesses for the use of non-registered data, as there is no other access to them. As these accesses do not provide guarantees, the use of unregistered data with guarantees necessary for the exercise of public administration is not possible. If guarantees need to be provided, it is necessary to first register the data in the RPP so that it can be appropriately accessed through the PPDF or VDF.

The following figure shows the data types according to the above classification, grouped according to the accesses through which the data can be accessed. It shows that OVM and SPÚUU access the data contained in the PPDF (registered data - mainly non-public, but in exceptional cases also public) through access to the PPDF and the data contained in the VDF (registered public data) through access to the VDF. It further shows that anyone (whether OVM or SPUU, but also generally other entities, e.g. natural persons) can access non-public data through controlled access and public data through open access. While controlled access requires authentication and authorisation of the accessing entity, open access is anonymous. The colored arrows then indicate the characteristics of the data accesses (permissions required/unrestricted, with/without guarantees).

The last figure in this chapter shows the technical way in which remote access to the data (within the meaning of §3(2) of the InfoZ) is ensured. The PPDF and VDF are accessed via a reference interface. Controlled and open access are provided through interfaces exposed to the public internet.