Information and Identity Governance – Context for Basic Principles

Putting the basic principles into application, social, business and legal context

The report ‘The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies’ (2010)
emphasises the role of interoperability and credential portability in eID market development, lists key barriers limiting the growth of the eID market, and provides a set of recommendations aimed at promoting the development of a mature, integrated EU27-wide eID ecosystem.

Sponsored by the Institute for Prospective Technological Studies of the European Commission, the report emphasises that empowering citizens to be active and confident in their use of eID in the new digital society is of prime importance to the European economy.

Crucial questions to consider...

  • 42. Detail how the co-operatives set up by banks (VISA, Mastercard, BACS, CHAPS, LINK, Identrust, SWIFT etc.) acquire lives of their own – or not and how identity relates to these?
  • 43. Discuss the conflict between country of origin and country of destination principles. Why the issues have not been resolved, the costs (to whom) of that failure, the positions of the various interest groups, which ways forward might be politically practical etc?
  • 44. How do we ensure inter-operability standards which enable/encourage innovative third party supplies to provide vendor-neutral niche products and services at the hardware and software as well as service levels?
  • 45. How do we include the SME and Customer voices in high level discussions between governments, their preferred national suppliers and the global players?
  • 46. How could/should we reconcile the requirements to retain data in case it is needed by regulators and law enforcement and requirements to delete data when no longer require for business/operational purpose? What is the balance between due-diligence and privacy?
  • 47. Could/should regulators be able to ban data collected under statutory powers from being transmitted, processed or stored outside their jurisdictional boundaries nations? What positive or negative impact do you see if this were possible?
  • 48. What are the approaches for recognition and acceptance of cross-border data sharing in order to facilitate commerce? What approaches should be used for dispute resolution enforcement? (See APEC Privacy Framework)
  • 49. Should there be a right to forget (or be forgotten) and if so how should it be defined and in what contexts? How could/should this be exercised and who should pay? Is the right to be forgotten new in the EU or is there already a right to remove consent and be forgotten under current regulation? In what way does the right to be forgotten affect other universal rights?
  • 50. What opportunities would a lax Information and ID ecosystem offer to criminals and terrorists?