I. What is digital signature?
Digital signature is a technical concept and refers to a mathematical transformation of a document by means of an encrypting operation with private key which a person has in cryptographic card or some other secure means. In this way, the receiver of the data can verify the source of the data and protect himself from a forgery.
II. What is electronic signature?
Electronic signature is a legal concept which provides cover to those technologies that permit the same functions to be obtained as the signature of documents on paper, with electronic techniques, IT techniques and telematic techniques. We can indicate the following as functions which are fulfilled by the electronic signature:
- Authentication of a previously identified person.
- Authentication of the origin of certain data.
- Declaration of knowledge.
- Declaration of wishes.
All technologies that permit some or all of these functions to be fulfilled are legally considered signatures, and they all have the opportunity of being valid and being considered legal evidence according to Law 59/2003, of 19 December, on electronic signature.
The Advanced Electronic Signature
The advanced electronic signature allows us:
- To identify the signatory.
- To detect any subsequent change in the signed data.
- To uniquely link the signature and the signed data.
- It has been created using means that the signatory can maintain under his exclusive control.
The Recognised Electronic Signature
The recognised electronic signature can be defined as being any technological mechanism which can allow us to obtain electronic documentary authenticity, in other words, we can:
- Protect the integrity of the electronic documents.
- Authenticate the author of these documents.
- Attribute the author of these documents the consideration of being their author.
III. The legal effects of the e-signature
The electronic signature is regulated in Spain by Law 59/2003, of 19 December, on electronic signature.
As indicated in article 3.4 of Law 59/2003, the electronic signature has "concerning the data confirmed in electronic format, the same value as the handwritten signature with regard to the data consigned on paper”.
The legal consequences of this regulation are as follows:
- Use an electronic signature when the regulation requires a written signature.
- Consider the signed computer file as an electronic document, equivalent to the written document for all legal effects.
- Consider the electronic signature as the "signature" of the person, and it attributes the original document to him as author.
The recognised electronic signature offers the highest level of guarantee of the electronic signature.
Declaration of wishes
The electronic signature carries an implicit declaration of wishes, in a general way, as in the case of being yet another form of expressing the consent of the signatory at the time of using his electronic signature, for example, when signing a document (a contract, a medical prescription, a tax return, etc.).
IV. The e-signature as evidence
The electronic signature as evidence is regulated in Law 56/2007, of 28 December, on Measures for Promoting the Information Society.
Contribution to the process
The support on which the electronically signed data are found will be admitted as documentary evidence at court.
If the authenticity of the recognised electronic signature with which the data incorporated in the electronic document have been signed should be objected, it will be verified whether this is an advanced electronic signature based on a recognised certificate, which meets all the requirements and conditions set out in this Law for this type of certificate and also whether the signature has been generated by means of a secure device for creating electronic signature.
The charge for carrying out these verifications shall be paid by the person who has submitted the electronic document signed with recognised electronic signature. If these verifications obtain a positive result, the authenticity of the recognised electronic signature with which that electronic document has been signed shall be presumed to be authentic, and the costs, expenses and fees originating the verification shall exclusively be payable by the person who has filed the objection. If, in the opinion of the court, the objection has been malicious, a fine of 120 to 600 euros may furthermore be imposed on that person.
If the authenticity of the advanced electronic signature, with which the data included in the electronic document has been signed, is objected, the provisions set out in section 2 of article 326 of the Code of Civil Procedure shall be applied.
Inalterability of the signed document
An electric signature user may sign an electronic document. Thanks to the electronic signature, this signed electronic document will then have the property of integrity and will consequently become inalterable. If altered, the electronic signature will inform us that the signed electronic document has been modified or manipulated.
V. The Certification Service Providers
What are they?
In accordance with article 2.2 of Law 59/2003, of 19 December, on electronic signature, the Certification Service Providers are those individuals or legal entities that issue certificates or provide other services with regard to the electronic signature (for example, the issue of date and hour stamps, validation services of certificates, etc.). A Certification Entity of electronic signature is a Certification Service Provider that issues certificates to third entities. A Certification Entity may technically execute its function of issuing certificates having its own technology and means, delegating on technology of third parties or collaborating with other entities. There are Certification Entities that issue certificates to the general public (electronic National ID Documents (DNI) or the FNMT (National Mint) for Spanish citizens, idCAT for residents in Catalonia, IZENPE for residents in the Basque Region, ...) whereas others do so strictly in an internal or corporate setting (CGCOM for doctors, ACAbogacía for lawyers, ANCERT for notaries, ...).
A Registration Entity is a Certification Service Provider that registers users when it offers its services to third entities. A Registration Entity may technically execute its function of registering users having its own technology and means, delegating on technology of third parties or collaborating with other entities. Its users registration function consists of obtaining sufficient information from the applicant of a certificate to enable the Certification Entity to issue him a certificate. There are Registration Entities that offer their services to the general public whereas there are others that strictly do so in an internal or corporate scenario.
A Validation Entity is a Certification Service Provider that verifies electronic signatures and certificates when it offers its services to third entities. A Validation Entity may technically execute its function of verifying certificates having its own technology and means, delegating on technology of third parties or collaborating with other entities. There are Validation Entities that offer their services to the general public whereas there are others that strictly do so in an internal or corporate scenario.
VI. Data protection and electronic signature
The electronic certificate which gives hedge to electronic signatures carried out by a user contains his personal data; consequently the protection of this data becomes one of the main legal obligations of the Certification Service Providers.
In its article 17.1, Law 59/2003 specifies the need for the Certification Service Provider to adapt his activity to the prescriptions of Organic Law 15/1999, of 13 December on personal data protection and its rules of implementation.
On the other hand, it should be considered that the receivers of the signed documents should also protect the personal data included in the digital certificates which they receive, apart from these data being used to verify the signature of the person who has sent us (and signed) the document, and they shall not use the signatory's data for any other purpose without the signatory's specific consent.