Legal Aspects of Identity Management and Trust Services

Transcription:

Legal Aspects of Identity Management and Trust Services Anna Joubin-Bret Secretary

What is Identity Management (IdM)?
- Fundamental issue for the use of electronic means
- Answers the basic questions:
  - Who or what is seeking to prove identity?
  - Reliability of proof of the identity?
- Relevance for Sustainable Development Goals:
  - Target 1.4: ensuring access of the poor to economic resources
  - Target 10c: reducing remittances costs
  - Target 16.5: reducing corruption
  - Target 16.9: providing legal identity for all

What is Identity Management (IdM)?
- Need to identify in order to establish trust, i.e., the reasonable expectation of future behaviour based on past practice
- Applies to natural / legal persons and to physical / digital objects
- Performs several functions that may vary significantly in purpose and requirements
- Requires adjusting business practices and assessing risks
- Different types of IdM systems: Commercial-driven vs. Government-driven; Centralised vs. Decentralised.

Traditional approach to IdM
- Different identity verification methods were established to respond to needs of identification
  - Witnesses, signatures, seals
- Expansion of commercial relations requires new identity management tools
- Eventually, use of government-issued identity credentials became prevalent in trade
  - Based on civil registration and vital statistics registries (where available)
  - Designed for other purposes (e.g., travel)
- Possible involvement of trusted third parties (e.g., notaries) for high-value transactions
- Although governments as issuers of credentials do not accept liability, users have no better option and are able to assess risks based on practice

Identification in an electronic environment
- The ICT revolution dramatically increases the ability to process and re-use data
- This brings increased attention for data quality: origin, integrity, etc.
- In commercial transactions, reference to the functions of handwritten signatures seems obvious
  - Identify originator, clarify its intent with respect to the signed message
- However, electronic signatures go beyond handwritten ones
  - Trust services: presumption of integrity, time-stamping, etc.

Electronic signatures features
- As the use of electronic signatures increases, some of their features become clearer
- Not all signatures are the same: reliability varies with the use of different methods and authentication factors.
- Steps for signing: Identification, authentication, authorisation
- Identification (i.e. release of electronic credentials) is done against paper-based identifiers (for which the issuer typically accepts no liability)

From electronic signatures to IdM
- Great legislative interest for electronic signatures
- However, differences remain in policy, technical and legal choices
- Challenges in cross-border recognition of electronic signatures
  - Article 9(3) of the UN Electronic Communications Convention enables multilateral legal recognition of electronic signatures.
- Each system requires costly maintenance and development
- The multiplication of systems led to an exponential increment in the number of credentials needed to access the system.
- For users, it is not user-friendly
- Hence the need for an IdM system

Electronic signatures and trust services
- "Trust service" means an electronic service normally provided for payments which consists of:
  (a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services; or
  (b) the creation, verification and validation of certificates for website authentication; or
  (c) the preservation of electronic signatures, seals or certificates related to those services.
  Source: eIDAS, article 3(16).
- Most national laws deal with electronic signatures
- Other trust services receive piecemeal legal treatment
- eIDAS represents an early effort to frame e-signatures in the general trust services framework

IdM policy implications
- IdM policy may pursue different goals:
  - E-Government / Commercial
  - E-Government only
  - Cybersecurity
  (See OECD report "Digital Identity Management: Enabling Innovation and Trust in the Internet Economy")
- Success of IdM systems is proportional to the number of users and variety of applications
- Excessive reference to technical details and technology may hinder interoperability and mutual legal recognition
- Desire to harmonise legislative and contractual provisions
- Need to define common rules for the interaction of the various types of identity and trust services
- Regional initiatives must be globally coordinated to avoid creating barriers to cross-border electronic exchanges

Classification of Identities

Primary or Foundational Identity:
- It may be attributed only once to each entity
- It is an absolute quality that is normally unchangeable. For physical persons: parents, date of birth, biometrics, etc.
- It is difficult to replace if compromised: to be shared cautiously and selectively
- It has a human right component: the right to a digital identity (SDG 16.9)

Secondary or Functional / Transactional Identity:
- It may be multiple for each entity
- It may be built over time. For physical persons: creditworthiness, use of medical or educational facilities, etc.
- It may be easier to replace in case of compromise
- It is the only one possible if vital records are not available

Interaction of different types of identity
In theory, foundational and transactional identities may be used interchangeably for commercial and non-commercial purposes. However, challenges may arise in practice:

Primary or Foundational Identity:
- Inability to share records originating in public vital records
- Limited liability of public providers

Secondary or Functional / Transactional Identity:
- Insufficient guarantee on the quality of transactional identity information
- Liability determined commercially

Increasing trust in IdM: legal aspects
- Need to further increase trust in IdM in order to extend its use
- Trust is the belief that something is reliable
- Reliability is the quality to perform consistently well
- It is the outcome of a process and not a product
- Should be technology- and system-neutral
- IdM-specific laws need to address risk allocation and ensure it will be upheld in court:
  - Clarify parties' obligations
  - Allocate liability, e.g., through: Presumptions; Exemptions and limitations of liability; Mandatory insurance.

IdM legal framework: current status
- IdM-relevant legal provisions may be found on three levels:
  - General laws (e.g. commercial and civil codes provisions on identification, form requirements, liability, etc.)
  - Specific laws (eIDAS Regulation (2014); Virginia Electronic IdM Act (2015); Benin (2017))
  - Contractual agreements on legal and technical interoperability
- Limited guidance at the global cross-border level
  - eIDAS requires the conclusion of a treaty for recognition of non-EU IdM schemes
  - Virginia IdM Act and Loi 2017-20 of Benin do not address the issue

Features of IdM-specific laws
- Assessment of reliability is based on compliance with predetermined technical standards
- Legal consequences of reliability:
  - Cross-border recognition in participating States (eIDAS);
  - Exemption from liability (Va. E-IDM Act);
  - Authorisation to operate IdM scheme (Loi 2017-10 Benin).
- They may support agreements on mutual legal recognition and technical interoperability
- Is this approach sufficient for global recognition of IdM across borders?

Elements of the project
- Desire to establish a comprehensive and inclusive process based on shared principles and terminology
- Deal with all types of IdM systems (private/public), all roles, all entities (persons/objects), as well as with all trust services
- Respect general principles of uniform commercial and e-commerce law
- Address legal issues such as: rights and obligations of the parties; reliability; liability; effect of contractual agreements; cross-border aspects
- Exclude data protection and privacy?
- Clarify relationship between primary and secondary identity and/or IdM and trust services.

Next steps
- WG IV 56th session (New York, 16-20 April 2018)
- Options:
  - Prepare a comprehensive legislative framework (e.g. in a model law defining rights and obligations of participants as well as functional equivalence requirements);
  - Focus on cross-border aspects
    - Possible to use common definitions of Levels of Assurance to facilitate cross-mapping identity schemes
    - Legal effects attributed by the scheme where recognition is sought