The University of Southampton
University of Southampton Institutional Repository

Data protection by design for cross-border electronic identification: Does the eIDAS Interoperability Framework need to be modernised?


Tsakalakis, Niko, Stalla-Bourdillon, Sophie and O'hara, Kieron (2019) Data protection by design for cross-border electronic identification: Does the eIDAS Interoperability Framework need to be modernised? Kosta, Eleni, Fischer-Hübner, Simone, Pierson, Jo, Slamanig, Daniel and Krenn, Stephan (eds.) In Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data: 13th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Vienna, Austria, August 20-24, 2018, Revised Selected Papers. vol. 547, Springer New York. pp. 255-274. (doi:10.1007/978-3-030-16744-8_17).

Record type: Conference or Workshop Item (Paper)

Abstract

This paper contributes to the discussion on privacy preservation methods in the context of electronic identification (eID) across borders through interdisciplinary research. In particular, we evaluate how the GDPR principle of ‘Data Protection by Design’ applies to the processing of personal data undertaken for identification and authentication purposes, suggesting that, in some cases, unlinkable eIDs should be a key requirement in order to facilitate data minimisation and purpose limitation. We argue that in an attempt to welcome diverse types of architectures, the Interoperability Framework could have the effect of reducing the data protection level reached by some national eID schemes, when transacting with services that do not require unique identification. We consequently propose that data minimisation and purpose limitation principles should be facilitated through the implementation of two methods, pseudonymisation and selective disclosure, through an addition to eIDAS’ technical specifications.

Text
Accepted Manuscript
Restricted to Repository staff only

More information

Published date: 2019
Venue - Dates: 13th International IFIP Summer School on Privacy and Identity Management – Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data, Vienna, Austria, 2018-08-20 - 2018-08-24
Keywords: Data Protection by Design, eIDAS, Electronic identification, GDPR, Privacy by Design, Pseudonymisation, Selective disclosure, Unlinkability

Identifiers

Local EPrints ID: 431139
URI: https://eprints.soton.ac.uk/id/eprint/431139
ISSN: 1868-4238
PURE UUID: e27243bb-a1ee-4966-8ef9-fa8fc8e14af3
ORCID for Niko Tsakalakis: orcid.org/0000-0003-2654-0825
ORCID for Kieron O'hara: orcid.org/0000-0002-9051-4456

Catalogue record

Date deposited: 24 May 2019 16:30
Last modified: 08 Aug 2019 00:36


Contributors

Author: Niko Tsakalakis
Author: Kieron O'hara
Editor: Eleni Kosta
Editor: Simone Fischer-Hübner
Editor: Jo Pierson
Editor: Daniel Slamanig
Editor: Stephan Krenn
