Identity Management and Data Protection Law: Risk, Responsibility and Compliance in 'Circles of Trust'
Computer Law & Security Report, Part I (Sections 1, 2), Vol. 23, No. 4, pp. 342-351, 2007; Part II (Sections 3-5), Vol. 23, No. 5, pp. 415-426, 2007
34 Pages. Posted: 17 Sep 2007
Abstract
Today, we are expected to remember a different user name and password for almost every organisation or domain we want to access on the Internet. Identity management seeks to solve this problem by making digital identities transferable across organisational boundaries. The basic idea is that the participating organisations will set up a collaboration (or circle of trust) which involves both identity providers and other service providers. However, there is a risk that identity management may reduce the users' level of privacy: Can the collaborating organisations collect personal information and create a profile which includes the user's interaction with all collaborators? Who is responsible for the processing of personal data if many organisations collaborate? How can the user make informed decisions and consent to the processing of his data? This article seeks to address these issues from the perspective of European data protection law.
Keywords: Identity management, data protection law, privacy, privacy-enhancing technologies, risk management
JEL Classification: K19, K39