The University of Southampton
University of Southampton Institutional Repository

Identity Assurance in the UK: technical implementation and legal implications under eIDAS


Tsakalakis, Niko, Stalla-Bourdillon, Sophie and O'Hara, Kieron (2017) Identity Assurance in the UK: technical implementation and legal implications under eIDAS. The Journal of Web Science, 3 (3), 32-46. (doi:10.1561/106.00000010).

Record type: Article

Abstract

Gov.UK Verify, the new Electronic Identity (eID) Management system of the UK Government, has been promoted as a state-of-the-art privacy-preserving system, designed around demands for better privacy and control, and is the first eID system in which the government delegates the provision of identity to competing private third parties. Under the EU eIDAS, Member States can allow their citizens to transact with foreign services by notifying their national eID systems. Once a system is notified, all other Member States are obligated to incorporate it into their electronic identification procedures. The paper offers a discussion of Gov.UK Verify's compliance with eIDAS as well as Gov.UK Verify's potential legal equivalence to EU systems under eIDAS as a third-country legal framework after Brexit. To this end it examines the requirements set forth by eIDAS for national eID systems, classifies these requirements in relation to their ratio legis and organises them into five sets. The paper proposes a more thorough framework than the current regime to decide on legal equivalence and attempts a first application in the case of Gov.UK Verify. It then assesses Gov.UK Verify's compliance against the aforementioned set of requirements and the impact of the system's design on privacy and data protection. The article contributes to relevant literature of privacy-preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture. It is also, to our knowledge, the first exploration of the future of eID management in the UK after a potential exit from the European Union.

More information

Accepted/In Press date: 26 July 2017
e-pub ahead of print date: 7 December 2017
Published date: December 2017
Additional Information: Associated publications: Tsakalakis, N., O'Hara, K., & Stalla-Bourdillon, S. (2016). Identity assurance in the UK: technical implementations and legal implications under the eIDAS regulation. 55-65. Paper presented at WebSci '16 Proceedings of the 8th ACM Conference on Web Science, Germany. Tsakalakis, N., Stalla-Bourdillon, S., & O'Hara, K. (2016). What's in a name: the conflicting views of pseudonymisation under eIDAS and the General Data Protection Regulation. 167-174. Paper presented at Open Identity Summit 2016, Italy.
Keywords: electronic identity, eID, eIDAS, GDPR, data protection, trust services, Gov.UK Verify

Identifiers

Local EPrints ID: 413943
URI: http://eprints.soton.ac.uk/id/eprint/413943
PURE UUID: 2b803d3e-02f3-4a09-bb94-a8c2b1cef4b7
ORCID for Niko Tsakalakis: orcid.org/0000-0003-2654-0825
ORCID for Kieron O'Hara: orcid.org/0000-0002-9051-4456

Catalogue record

Date deposited: 11 Sep 2017 16:31
Last modified: 28 Oct 2020 05:03

Contributors

Author: Niko Tsakalakis
Author: Kieron O'Hara
