Abstract
The paper presents a Pan-European Identity Management System that was developed through the concerted efforts of several European research initiatives, and identifies gaps in the privacy protection mechanisms, which occur because privacy is considered strictly from the EU Data Protection regulation perspective. Privacy protection problems are identified, and measures to eliminate them are outlined on the basis of an extended notion of privacy, which includes aspects of unlinkability, transparency, anonymity and pseudonymity.
Chapter PDF
Similar content being viewed by others
Keywords
References
A Roadmap for a Pan-European eIDM Framework by 2010 (2010), http://ec.europa.eu/information_society/activities/ict_psp/documents/eidm_roadmap_paper.pdf
Cavoukian, A.: A Foundation Framework for a Privacy by Design – Privacy Impact Assessment (2011), http://privacybydesign.ca/content/uploads/2011/11/PbD-PIA-Foundational-Framework.pdf
Commission of the European Communities: i2010 eGovernment Action Plan, Brussels (2006), http://europa.eu/legislation_summaries/information_society/strategies/l24226j_en.htm
de Andrade, N.N.G.: Towards a European eID Regulatory Framework, Challenges in Constructing a Legal Framework for the Protection and Management of Electronic Identities. In: Gutwirth, S., et al. (eds.) European Data Protection: In Good Health? (2002)
Document on IDABC - Interoperability Activities, http://ec.europa.eu/idabc/en/document/5319/5883.html
European Commission, How does the data protection reform strengthen citizens’ rights? http://ec.europa.eu/justice/data-protection/document/review2012/factsheets/2_en.pdf
European Union (EU), Directive 2006/123/EC of the European Parliament and of the council on services in the internal market. Official Journal of European Communities of 23 November 1995, No L. 376, 36 (1995)
European Union (EU), Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data. Official Journal of the European Communities of 23 November 1995, No L. 281, 31 (1995)
FIDIS, Future of Identity in the Information Society, http://www.fidis.net/
Hansen, M.: Top 10 Mistakes in System Design from a Privacy Perspective and Privacy Protection Goals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IFIP AICT, vol. 375, pp. 14–31. Springer, Heidelberg (2012)
Jori, A.: Data Protection Law – An Introduction. Privacy and privacy protection (2007), http://www.dataprotection.eu/pmwiki/pmwiki.php?n=Main.Privacy
Lusoli, W., Maghiros, I., Bacigalupo, M.: eID policy in a turbulent environment: is there a need for a new regulatory framework? European Commission Joint Research Centre (2009)
Majava, J., Graux, H.: Common specifications for eID interoperability in the eGovernment context, eID Interoperability for PEGS. Technical Report, IDABC eGovernment eServices (2007)
Modinis-IDM, https://www.cosic.esat.kuleuven.be/modinis-idm/twiki/bin/view.cgi
Otjacques, B., Hitzelberger, P., Feltz, F.: Identity Management and Data Sharing in the European Union. In: 39th Hawaii International Conference on System Sciences (2006)
Personal Identifiable Information, http://en.wikipedia.org/wiki/Personally_identifiable_information
Stefanova, K., Kabakchieva, D., Nikolov, R.: Design Principles of Identity Management Architecture Development for Cross-Border eGovernment Services. Electronic Journal of e-Government 8(2), 189–202 (2010)
Stern, M.: D5.8.3d Security Principles and Best Practices. STORK Deliverable (2011)
STORK, Secure identity across borders linked, https://www.eid-stork.eu/
STORK2 – Secure identity across borders linked 2.0, https://www.eid-stork2.eu/
Strauß, S.: The Limits of Control – (Governmental) Identity Management from a Privacy Perspective. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 352, pp. 206–218. Springer, Heidelberg (2011)
Svantesson, D., Clarke, R.: Privacy and consumer risks in cloud computing. Computer Law & Security Review, 391–397 (2010)
Whittaker, Z.: Yes, U.S. authorities can spy on EU cloud data. Here’s how, http://www.zdnet.com/yes-u-s-authorities-can-spy-on-eu-cloud-data-heres-how-7000010653/
Zwingelberg, H., Hansen, M.: Privacy Protection Goals and Their Implications for eID Systems. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IFIP AICT, vol. 375, pp. 245–260. Springer, Heidelberg (2012)
European Commission, Proposal for a Regulation of the European Parlament and of the Council, on the protection of individuals with regards to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels (2012)
Marchini, R.: Cloud Computing Under The European Commission, Proposed Regulation To Revise The EU Data Protection Framework. In: World Data Protection Report, vol. 12, Bloomberg BNA (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Sapelova, S., Jerman-Blažič, B. (2014). Privacy Issues in Cross-Border Identity Management Systems: Pan-European Case. In: Hansen, M., Hoepman, JH., Leenes, R., Whitehouse, D. (eds) Privacy and Identity Management for Emerging Services and Technologies. Privacy and Identity 2013. IFIP Advances in Information and Communication Technology, vol 421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55137-6_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-55137-6_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55136-9
Online ISBN: 978-3-642-55137-6
eBook Packages: Computer ScienceComputer Science (R0)