Electronic administration and privacy: what happens to your data when you click
A few years ago, completing a procedure with the administration meant endless lines, stamps, papers and service counters. Today, almost everything is done online. You request a certificate, renew a document, check your driving license points… all without leaving your home. Wonderful, yes, but also a huge change: now every click you make leaves a trace.
The document “Protection of personal data and Electronic Administration”, prepared for the Catalan Data Protection Authority, already warned about this almost two decades ago. It explained in detail how digitalization improved public management, but also how it put something as basic as privacy at risk. Let’s break it down.
1. Technology and the administration: efficiency that comes at a price
Digitizing the administration was a revolution. Gone were folders full of papers, endless archives and in-person visits for everything. Now information is centralized, accessible and automated. But this comes at a price: the more data a system handles, the higher the risk that something slips through.
The author sums it up very well: the problem is not only how much information is stored, but how it is used and who can access it.
For example, when you complete an online procedure, your identity is automatically recorded, along with the date, IP address or the document you upload. All of this becomes part of the citizen’s “digital footprint.” And if there are no proper controls, that footprint can become a treasure trove for someone who should not have access to it.
2. Publishing information on the Internet: transparency with limits
One of the most interesting sections of the text discusses the dissemination of administrative information online.
Not long ago, publishing a list with names, resolutions or sanctions was completely normal. But when those lists moved from the bulletin board to the website, the impact changed dramatically. What used to be seen by a few can now be seen by anyone, anywhere in the world and for years.
That’s why the idea is clear: transparency, yes, but wisely. Publishing personal data (names, addresses, file numbers…) should only be done if there is a legal basis and for a limited period of time.
The administration should always ask itself:
Is it necessary to show the full name, or are initials enough?
How long should this information remain available?
Could it negatively affect the person if it remains on Google ten years from now?
If the answer is uncomfortable, it’s time to review before publishing.
3. Digital logging: the invisible eye that sees your clicks
Another lesser-known point: every time you access an institutional website, the system logs your steps. Not just the procedure you complete, but also how many times you enter, how long you stay or what queries you make.
This logging can make sense (for example, to prove you submitted a request or to improve system security), but it also raises questions: to what extent is it legal to store this data? For how long? And who can review it?
The document insists that the administration must be transparent about this logging. Citizens have the right to know what information about them is stored and for what purpose. It cannot become a “digital big brother” disguised as efficiency.
4. Electronic signature: the new ID that connects everything
The electronic signature and the digital ID were presented as the great solution. And they are, as long as they are used correctly. They allow us to identify ourselves without physically going to an office.
But the author of the study issues an important warning: when the same identifier (for example, the electronic ID number) is used for all kinds of procedures —health, tax, academic, employment— there is a risk of creating an overly complete profile of a person.
In other words: if everything is linked to a single number, someone with privileged access could reconstruct your entire life. That’s why it is recommended to limit the use of the same identifier depending on the context, and to apply pseudonymization or encryption measures whenever possible.
5. Interconnection of databases: the dream (and risk) of modern administration
One of the greatest advantages of digital government is that administrations can share information with one another. You no longer need to bring twenty different documents: a city council can directly consult your census data or Social Security records.
Perfect… until someone does it without proper control.
The text explains that interconnections between public databases must be regulated and justified. Not every exchange of information is legal. It is only allowed when there is:
A law authorizing it.
A specific purpose.
And adequate security safeguards.
If an agency accesses data it does not need, or uses it for a purpose different from the original one, it is violating the law. For example, using your tax data to calculate a subsidy is not the same as using it to create a statistical study without anonymizing it.
6. Trust, transparency and accountability
The document also discusses a concept that is often repeated today: digital trust. For people to use electronic administration without fear, they need to be sure their data is safe and that they can file a complaint if something goes wrong.
That’s why the document proposes creating accountability policies:
Inform citizens about what data is collected and why.
Record internal access logs.
Proactively publish data protection protocols.
And above all, take responsibility when mistakes occur.
7. The role of the citizen
Electronic administration is not only a matter for the government. It also depends on us. The text reminds us that citizens have rights, but also duties: use official channels, protect our passwords, review the data we provide and, when something doesn’t look right, file a complaint.
Because yes, filing a complaint works. If you believe an institutional website has published personal information about you without justification, you can contact the Catalan Data Protection Authority (APDCAT) and request its removal.