Towards a European eID Regulatory Framework Challenges in Constructing a Legal Framework for the Protection and Management of Electronic Identities

The difficulties, barriers and challenges in implementing a regulatory framework for a pan-European electronic identity (eID)1 have been analyzed before in a number of studies. Deliverables pertaining to research projects funded by the European Union (EU), as well as study reports prepared for the European Commission in the areas of eID and eGovernment,2 have focused on the legal complexities that currently hinder the realization of a pan-European eID scheme. In this respect, researchers and scholars have devoted more attention to legal barriers than to possible legal solutions. This paper attempts to fill this gap, and also to contribute to research on both these analytical dimensions. The article first summarizes the main legal obstacles and challenges to the implementation of a pan-European eID scheme and then suggests a conceptual framework of principles to address these challenges and overcome the obstacles. In summary, this paper contributes to the ongoing debate on the benefits of a regulatory framework for an electronic identity scheme for Europe by presenting a number of legal proposals that could facilitate the realization of such a scheme.

[1]  Paul Ohm Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization , 2009 .

[2]  Thomas Myhr Legal and organizational challenges and solutions for achieving a pan-European electronic ID solution: or I am 621216-1318, but I am also 161262-43774. Do you know who I am? , 2008, Inf. Secur. Tech. Rep..

[3]  Thierry Nabeth,et al.  Identity of identity , 2006, Datenschutz und Datensicherheit - DuD.

[4]  Thomas Martin,et al.  Digital forensics and the issues of identity , 2010, Inf. Secur. Tech. Rep..

[5]  M. Rundle International Personal Data Protection and Digital Identity Management Tools , 2006 .

[6]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[7]  A. James 2010 , 2011, Philo of Alexandria: an Annotated Bibliography 2007-2016.

[8]  Yves Poullet,et al.  About the E-Privacy Directive: Towards a Third Generation of Data Protection Legislation? , 2010, Data Protection in a Profiled World.

[9]  Norberto Nuno Gomes de Andrade The Right to Privacy and the Right to Identity in the Age of Ubiquitous Computing: Friends or Foes? A Proposal Towards a Legal Articulation , 2012 .

[10]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[11]  Dirk Van Rooy,et al.  Trust and privacy in the future internet—a research perspective , 2010 .

[12]  Norberto Nuno Gomes de Andrade Data Protection, Privacy and Identity: Distinguishing Concepts and Articulating Rights , 2010, PrimeLife.

[13]  Christina M. Akrivopoulou,et al.  Personal Data Privacy and Protection in a Surveillance Era: Technologies and Practices , 2010 .

[14]  WongRebecca The Data Protection Directive 95/46/EC , 2012 .

[15]  P. Craig The Treaty of Lisbon: Process, architecture and substance , 2008 .