Advantages for the PA
Common functions available to all public services
IO is based on an analysis of citizens’ needs. All public entities providing digital services will benefit from IO, as it provides the main functions necessary for the interaction between the public administration and citizens, thanks also to its integration with the enabling platforms pagoPA, ANPR and SPID.
Organizations participating in the project will be able to take advantage of the open API (Application Programming Interface) of the IO platform in order to send notifications and messages to citizens, complete economic transactions, send and request user documents, and manage general preferences.
Citizens will no longer need to provide and update their email address, mobile telephone number, bank details, preferred contact method, language spoken, etc., on each and every site.
The components of the project and the subjects who use them
Privacy and personal data
IO is configured as a channel that the Public Administrations can use to provide certain components (functions) of their digital services. It is in some respects similar to the use of electronic mail as a means of communication with citizens, with the user’s personal data being stored by the entities that manage the services.
IO has been conceived and developed by taking into account the provisions of the current legislation, including the recent directives of the new privacy regulation (GDPR), in accordance with the principle of "privacy by design".
IO is configured as the data processor responsible for the data it carries. The data controllers remain the providers of the respective services. IO uses part of the anonymized data for the sole purpose of improving the quality of the service offered to citizens.
Documents and messages are stored in a database spread across European data centers that utilize "encryption at rest". The content is present in the provider's systems exclusively for the time necessary to ensure the transmission. Data relating to transactions and payment methods are processed by a certified PCI provider.
Citizens remain the owners of their data. At any time, citizens can choose to download all the data concerning themselves or cancel their subscription to the service, with the removal of the stored data.
Around the citizen
It is sufficient for PAs to have a user's tax code in order to use IO's functions
Today, it is difficult for many public entities to determine the contact details or other personal information of the user, often involving considerable time and effort.
The same applies to citizens, who are forced to complete their profile and provide their personal data on the website of each institution whose services they wish to use.
IO solves this problem by allowing any entity that has a citizen’s tax code to use IO's APIs to contact users, send them documents or notices, or read the preferences that citizens have chosen to set.
The assurance of communicating directly with the right citizen is guaranteed by the authentication process based on SPID. If the citizen has not yet activated the app, IO will either ensure that the message is delivered through the traditional channel or notify the service that the citizen is not yet on board.
Security and privacy
IO is an open source project. This allows us to overturn the paradigm of "security through secrecy". The application code and backend platforms are available to all, including those who choose to help by reporting malfunctions and possible bugs.
The code is developed by implementing OWASP best practices and tools that monitor the integrity of the requirements. However, security is a continuous process and community help is an important factor for the success of "responsible disclosure" practices.
Authentication occurs securely via SPID. This ensures that IO does not directly manage passwords or any update mechanisms, which are delegated to the IdPs. In addition to the SPID credentials, in order to ensure a more effective user experience, a PIN or a biometric recognition mechanism will be requested if the device in use supports this functionality. Neither the PIN nor the data necessary for recognition (such as a fingerprint) leaves the device or is shared with third parties.
The Law and IO
The instructions of the Digital Administration Code
The "Electronic Access Point for PA services"
Article 64-bis establishes the "electronic access point activated via the Presidency of the Council of Ministers", as the channel through which all public entities must make their services usable.
The "Right to simple and integrated online services"
Article 7 adds that all citizens have the right to use the services provided by public entities in digital form and in an integrated way, including via an electronic access point and through mobile devices.
The duties of the Public Administrations
To enact this right, all Public Administrations must design their own digital services so as to guarantee integration and interoperability with the IO backend, reorganizing and updating their services, starting from the real needs of users.
When will the services be integrated?
The CAD update states that all citizens must be able to exercise this right from the date on which the "electronic access point" is activated, that is, as soon as IO completes its beta phase.
Do you want to add your services to IO?
Do you want to be amongst the first PAs to use the IO functions?
IO is an open project, hence any public body can participate. In the initial phase, priority will be given to citizens in the territories with the highest number of participating entities and services, and to the entities that offer services to the greatest number of citizens. Please describe, in the appropriate section of the forum, the services that you would like to equip with the IO functions.