1. bookVolume 11 (2021): Issue 2 (September 2021)
Journal Details
License
Format
Journal
eISSN
2674-4619
First Published
18 Jun 2013
Publication timeframe
2 times per year
Languages
English
access type Open Access

Those Who Shall Be Identified: The Data Protection Aspects of the Legal Framework for Electronic Identification in the European Union

Published Online: 15 Nov 2021
Volume & Issue: Volume 11 (2021) - Issue 2 (September 2021)
Page range: 3 - 24
Journal Details
License
Format
Journal
eISSN
2674-4619
First Published
18 Jun 2013
Publication timeframe
2 times per year
Languages
English
Abstract

The article focuses on the intersections of the regulation of electronic identification as provided in the eIDAS Regulation and data protection rules in the European Union. The first part of the article is devoted to the explanation of the basic notions and framework related to the electronic identity in the European Union— the eIDAS Regulation. The second part of the article discusses specific intersections of the eIDAS Regulation with the General Data Protection Regulation (GDPR), specifically scope, the general data protection clause and mainly personal data processing in the context of mutual recognition of electronic identification means. The article aims to discuss the overlapping issues of the regulation of the GDPR and the eIDAS Regulation and provides a further guide for interpretation and implementation of the outcomes in practice.

Keywords

Andraško, J. (2016), ‘Electronic identification and authentication in the context of electronic public administration services,’ CER Comparative European Research, no. 2, pp. 75–78. Search in Google Scholar

Andraško, J. (2017), ‘Mutual recognition of electronic identification means under the EIDAS Regulation and its application issues,’ AD ALTA: Journal of Interdisciplinary Research, vol. 7, no. 2, pp. 9–13. Search in Google Scholar

Article 29 Data Protection Working Party (2007), Opinion 4/2007 on the concept of personal data adopted on 20th June, 01248/07/EN WP 136. Search in Google Scholar

Bygrave, L. (2017), ‘Data protection by design and by default: Deciphering the EU’s legislative requirements,’ Oslo Law Review, vol. 4, no. 2, pp. 105–120. http://doi.org/10.18261/ISSN.2387-3299-2017-02-0310.18261/issn.2387-3299-2017-02-03 Search in Google Scholar

Carpenter, C. (2020), ‘Privacy and proportionality: Examining mass electronic surveillance under Article 8 and the Fourth Amendment,’ International Comparative Law Review, vol. 20, no. 1, pp. 27–57. https://doi.org/10.2478/iclr-2020-000210.2478/iclr-2020-0002 Search in Google Scholar

Cavoukian, A. (2011), 7 Principles of Privacy by Design. Retrieved from https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf [accessed 7 Nov 2020] Search in Google Scholar

Court of Justice of the European Union (2009), Judgment of the Court (Grand Chamber) of 9 November 2010, Volker und Markus Schecke GbR (C-92/09) and Hartmut Eifert (C-93/09) v Land Hessen. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62009CJ0092 [accessed 7 Nov 2020] Search in Google Scholar

CEF Digital (n.d.), ‘How Does It Work? EIDAS Regulation.’ Retrieved from https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=82773030 [accessed 7 Nov 2020] Search in Google Scholar

Cuijpers, C. & Schroers, J. (2014), eIDAS as guideline for the development of a pan European eID framework in FutureID. Retrieved from https://core.ac.uk/download/pdf/34614563.pdf [accessed 7 Nov 2020] Search in Google Scholar

Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, OJ L 13, 19.1.2000, pp. 12–20. Search in Google Scholar

EDPB (2019), Guidelines 4/2019 on Article 25 Data Protection by Design and by Default adopted on 13 November 2019. European Data Protection Board Plenary meeting, 12–13 November 2019. Search in Google Scholar

EDPS (2012), Opinion of the European Data Protection Supervisor on the Commission proposal for a Regulation of the European Parliament and of the Council on trust and confidence in electronic transactions in the internal market (Electronic Trust Services Regulation), European Data Protection Supervisor. Retrieved from https://edps.europa.eu/sites/edp/files/publication/12-09-27_electronic_trust_services_en_0.pdf [accessed 7 Nov 2020] Search in Google Scholar

ENISA (2014), Privacy and Data Protection by Design—from policy to engineering, The European Union Agency for Cybersecurity. Retrieved from https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design [accessed 7 Nov 2020] Search in Google Scholar

European Commission (n.d., a), ‘eIDAS Cooperative Framework.’ Retrieved from https://ec.europa.eu/cefdigital/wiki/display/EIDCOOPNET/eIDAS+Cooperation+Network [accessed 7 Nov 2020] Search in Google Scholar

European Commission (n.d., b), ‘eIDAS—Implementing Acts.’ Retrieved from https://ec.europa.eu/futurium/en/content/eidas-implementing-acts [accessed 7 Nov 2020] European Commission (n.d., c), ‘eIDAS Level of Assurance.’ Retrieved from https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Levels+of+Assurance [accessed 7 Nov 2020] Search in Google Scholar

European Commission (n.d., d), ‘EU Trusted Lists of Trust Service Providers.’ Retrieved from https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers [accessed 7 Nov 2020] Search in Google Scholar

Fuster, G. (2014), The Emergence of Personal Data Protection as a Fundamental Right in the EU, Cham: Springer. Search in Google Scholar

Hamuľák, J. & Nevická, D. (2020), ‘The Slovak v the Danish labor law approach to COVID 19 pandemic,’ International and Comparative Law Review, vol. 20, no. 2, pp. 231–238. https://doi.org/10.2478/iclr-2020-002610.2478/iclr-2020-0026 Search in Google Scholar

Jasmontaite, L.; Kamara, I.; Zanfir-Fortuna, G. & Leucci, S. (2018), ‘Data protection by design and by default: Framing guiding principles into legal obligations in the GDPR,’ European Data Protection Law Review, vol. 4(2018), no. 2, pp. 168–189. https://doi.org/10.21552/edpl/2018/2/710.21552/edpl/2018/2/7 Search in Google Scholar

Kesa, A. & Kerikmäe, T. (2020), ‘Artificial intelligence and the GDPR: Inevitable nemeses?’ TalTech Journal of European Studies, vol. 10, no. 3(32), pp. 68–90. https://doi.org/10.1515/bjes-2020-002210.1515/bjes-2020-0022 Search in Google Scholar

Porcedda, M. G. (2018), ‘On boundaries—finding the essence of the right to the protection of personal data,’ in R. Leenes, R. van Brakel, S. Gutwirth & P. De Hert (eds.) Data Protection and Privacy: The Internet of Bodies, Oxford: Hart Publishing. Search in Google Scholar

Project FIDIS (n.d.), [Homepage]. Retrieved from http://www.fidis.net/ [accessed 7 Nov 2020] Search in Google Scholar

Project STORK (n.d.), [Homepage]. Retrieved from https://cordis.europa.eu/project/id/297263 [accessed 7 Nov 2020] Search in Google Scholar

Razmetaeva, Y. (2020), ‘The right to be forgotten in the European perspective,’ TalTech Journal of European Studies, vol. 10, no. 1(30), pp. 58–76. https://doi.org/10.1515/bjes-2020-000410.1515/bjes-2020-0004 Search in Google Scholar

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, pp. 1–88. Search in Google Scholar

Regulation (EU) no. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, OJ L 257, 28.8.2014, pp. 73–114. Search in Google Scholar

Romano, F. B. (2013), The Right to the Protection of Personal Data: A New Fundamental Right of the European Union. Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2330307 [accessed 7 Nov 2020] Search in Google Scholar

Rubinstein, I. S. (2011), ‘Regulating privacy by design,’ Berkeley Technology Law Journal, vol. 26, no. 3, pp. 1409–1456. Search in Google Scholar

van der Sloot, B. (2015), ‘Do privacy and data protection rules apply to legal persons, and should they? A proposal for a two-tiered system,’ Computer Law & Security Review, vol. 31, no. 1, pp. 26–45. https://doi.org/10.1016/j.clsr.2014.11.00210.1016/j.clsr.2014.11.002 Search in Google Scholar

The Modinis IDM Study Team (2005), ‘Modinis study on identity management in eGovernment: Common terminological framework for interoperable electronic identity management,’ Consultation paper v2.01. Retrieved from http://ec.europa.eu/information_society/activities/ict_psp/documents/eid_terminology_paper.pdf [accessed 7 Nov 2020] Search in Google Scholar

Tsakalakis, N.; Stalla-Bourdillon, S. & O’Hara, K. (2016), ‘What’s in a name: the conflicting views of pseudonymisation under eIDAS and the general data protection regulation,’ in D. Hühnlein, H. Roßnagel, C. H. Schunck & M. Talamo (eds.) Open Identity Summit 2016, Bonn: Gesellschaft für Informatik e.V., pp. 167–174. Search in Google Scholar

Tsakalakis, N.; Stalla-Bourdillon, S. & O’Hara, K. (2018), ‘Data protection by design for cross-border electronic identification: Does the eIDAS interoperability framework need to be modernised?’ in E. Kosta et al. (eds.) Privacy and Identity Management. Fairness, Accountability and Transparency in the Age of Big Data, 13th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2, International Summer School, Vienna, Austria, August 20–24, 2018, Revised Selected Papers, pp. 255–274. Search in Google Scholar

Tzanou, M. (2013), ‘Data protection as a fundamental right next to privacy? “Reconstructing” a not so new right,’ International Data Privacy Law, vol. 3, no. 2, pp. 88–99. https://doi.org/10.1093/idpl/ipt00410.1093/idpl/ipt004 Search in Google Scholar

Zaccaria, A.; Schmidt-Kessel, M.; Schulze, R. & Gambino, A. M. (2020), EU eIDAS Regulation: Article-by-Article Commentary, Oxford: Bloomsbury Publishing PLC.10.17104/9783406759017 Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo