What's in a name: the conflicting views of pseudonymisation under eIDAS and the General Data Protection Regulation

Pseudonymisation is gaining traction among modern electronic identification systems as a privacy enhancing technique that can significantly reduce risks of personal data misuse. The recently agreed General Data Protection Regulation (the GDPR) encourages the use of pseudonymisation to comply with its requirement of privacy-by-design. Art. 5 of the European Regulation on electronic identification and trust services (eIDAS) on data processing and protection simply allows the use of pseudonyms in electronic transactions although the facilitation of the implementation of the principle of privacy by design is clearly among the aims listed by Art. 12 of eIDAS. This paper examines the concept of pseudonymisation under eIDAS and the GDPR and suggests that the two Regulations employ two very different, if not incompatible, notions of pseudonymisation. It concludes that a common terminology and approach would be preferable in order to ensure consistency and legal certainty

[1]  Paul Beynon-Davies,et al.  The UK national identity card , 2011, ICIS.

[2]  Eric R. Verheul,et al.  Privacy protection in electronic education based on polymorphic pseudonymization , 2015, IACR Cryptol. ePrint Arch..

[3]  Samson Yoseph Esayas The role of anonymisation and pseudonymisation under the EU data privacy rules: beyond the 'all or nothing' approach , 2015, Eur. J. Law Technol..

[4]  L. Sweeney Simple Demographics Often Identify People Uniquely , 2000 .

[5]  Julien Bringer,et al.  Efficient and Strongly Secure Dynamic Domain-Specific Pseudonymous Signatures for ID Documents , 2014, Financial Cryptography.

[6]  Tarvi Martens,et al.  Electronic identity management in Estonia between market and state governance , 2010 .

[7]  Sophie Stalla-Bourdillon,et al.  Identity assurance in the UK: technical implementation and legal implications under the eIDAS regulation , 2016, WebSci.

[8]  Colette Cuijpers,et al.  Eidas as guideline for the development of a pan European eid framework in futureid , 2014, Open Identity Summit.

[9]  Sven Türpe,et al.  Electronic Identity Cards for User Authentication—Promise and Practice , 2012, IEEE Security & Privacy.

[10]  Thomas Rössler,et al.  Giving an interoperable e-ID solution: Using foreign e-IDs in Austrian e-Government , 2008, Comput. Law Secur. Rev..

[11]  Sophie Stalla-Bourdillon,et al.  Anonymous Data v. Personal Data — A False Debate: An EU Perspective on Anonymization, Pseudonymization and Personal Data , 2017 .