The University of Southampton
University of Southampton Institutional Repository

The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify

The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify
The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify
The article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government’s electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify’s architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership, highlight several flaws inherent in the Gov.UK Verify’s development and mode of operation. The article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership and ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.
electronic identity, data protection, GDPR, privacy by design, Gov.UK Verify
2212-4748
784-805
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Pearce, Henry
cac95ad0-190d-4f58-bf3d-c79d8cf5aad7
Tsakalakis, Niko
7d9c7129-d04e-4ed6-aefa-12371a007b95
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Pearce, Henry
cac95ad0-190d-4f58-bf3d-c79d8cf5aad7
Tsakalakis, Niko
7d9c7129-d04e-4ed6-aefa-12371a007b95

Stalla-Bourdillon, Sophie, Pearce, Henry and Tsakalakis, Niko (2018) The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify. Computer Law & Security Review, 34 (4), 784-805. (doi:10.1016/j.clsr.2018.05.012).

Record type: Article

Abstract

The article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government’s electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify’s architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership, highlight several flaws inherent in the Gov.UK Verify’s development and mode of operation. The article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership and ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.

Text
Bourdillon Pearce Tsakalakis 08.05.18-ssb7vsc.2 - Accepted Manuscript
Download (344kB)

More information

Accepted/In Press date: 11 May 2018
e-pub ahead of print date: 28 July 2018
Published date: August 2018
Keywords: electronic identity, data protection, GDPR, privacy by design, Gov.UK Verify

Identifiers

Local EPrints ID: 421193
URI: https://eprints.soton.ac.uk/id/eprint/421193
ISSN: 2212-4748
PURE UUID: 0c37904d-4bc4-4612-944e-de9c3631b2c8
ORCID for Niko Tsakalakis: ORCID iD orcid.org/0000-0003-2654-0825

Catalogue record

Date deposited: 24 May 2018 16:30
Last modified: 10 Dec 2019 05:24

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×