The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify

The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify
The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify
The article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government’s electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify’s architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership, highlight several flaws inherent in the Gov.UK Verify’s development and mode of operation. The article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership and ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.
electronic identity, data protection, GDPR, privacy by design, Gov.UK Verify
2212-4748
784-805
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Pearce, Henry
cac95ad0-190d-4f58-bf3d-c79d8cf5aad7
Tsakalakis, Niko
eae42e98-58b8-45b9-8c11-35a798cc9671
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Pearce, Henry
cac95ad0-190d-4f58-bf3d-c79d8cf5aad7
Tsakalakis, Niko
eae42e98-58b8-45b9-8c11-35a798cc9671

Stalla-Bourdillon, Sophie, Pearce, Henry and Tsakalakis, Niko (2018) The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify. Computer Law and Security Review: The International Journal of Technology Law and Practice, 34 (4), 784-805. (doi:10.1016/j.clsr.2018.05.012).

Record type: Article

Abstract

The article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government’s electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify’s architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership, highlight several flaws inherent in the Gov.UK Verify’s development and mode of operation. The article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership and ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.

Text
Bourdillon Pearce Tsakalakis 08.05.18-ssb7vsc.2 - Accepted Manuscript
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Download (344kB)

More information

Accepted/In Press date: 11 May 2018
e-pub ahead of print date: 28 July 2018
Published date: August 2018
Keywords: electronic identity, data protection, GDPR, privacy by design, Gov.UK Verify
Learn more about Cyber Security research Learn more about Southampton Law School research

Identifiers

Local EPrints ID: 421193
URI: http://eprints.soton.ac.uk/id/eprint/421193
DOI: doi:10.1016/j.clsr.2018.05.012
ISSN: 2212-4748
PURE UUID: 0c37904d-4bc4-4612-944e-de9c3631b2c8
ORCID for Sophie Stalla-Bourdillon: ORCID iD orcid.org/0000-0003-3715-1219
ORCID for Niko Tsakalakis: ORCID iD orcid.org/0000-0003-2654-0825

Catalogue record

Date deposited: 24 May 2018 16:30
Last modified: 16 Mar 2024 06:37

Export record

Altmetrics

Contributors

Author: Sophie Stalla-Bourdillon ORCID iD
Author: Henry Pearce
Author: Niko Tsakalakis ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×