Identity Management and Data Protection Law: Risk, Responsibility and Compliance in 'Circles of Trust'

Olsen, Thomas; Mahler, Tobias

Identity Management and Data Protection Law: Risk, Responsibility and Compliance in 'Circles of Trust'

Computer Law & Security Report, Part I (Sections 1, 2), Vol. 23, No. 4, pp. 342-351, 2007; Part II (Sections 3-5), Vol. 23, No. 5, pp. 415-426, 2007

34 Pages Posted: 17 Sep 2007

See all articles by Thomas Olsen

Tobias Mahler

University of Oslo - Norwegian Research Center for Computers and Law

Abstract

Today, we are expected to remember a different user name and password for almost every organisation or domain we want to access on the Internet. Identity management seeks to solve this problem by making digital identities transferable across organisational boundaries. The basic idea is that the participating organisations will set up a collaboration (or circle of trust) which involves both identity providers and other service providers. However, there is a risk that identity management may reduce the users' level of privacy: Can the collaborating organisations collect personal information and create a profile which includes the user's interaction with all collaborators? Who is responsible for the processing of personal data if many organisations collaborate? How can the user make informed decisions and consent to the processing of his data? This article seeks to address these issues from the perspective of European data protection law.

Keywords: Identity management, data protection law, privacy, privacy-enhancing technologies, risk management

JEL Classification: K19, K39

Suggested Citation: Suggested Citation

Olsen, Thomas and Mahler, Tobias, Identity Management and Data Protection Law: Risk, Responsibility and Compliance in 'Circles of Trust'. Computer Law & Security Report, Part I (Sections 1, 2), Vol. 23, No. 4, pp. 342-351, 2007; Part II (Sections 3-5), Vol. 23, No. 5, pp. 415-426, 2007, Available at SSRN: https://ssrn.com/abstract=1015006