Are digital identity programmes being implemented with privacy by design?

programme

2 July (Thursday)

4.10pm-5.10pm      Digital Identity
  • Pat WALSHE, Director, Privacy Matters, Council of Europe expert
  • Omar SEGHROUCHNI, President, CNDP - Morocco
  • Raymund ENRIQUEZ LIBORO, Privacy Commissioner, National Privacy Commission of the Philippines
  • Eduardo BERTONI, Director, National Access to Public Information Agency - Argentina

See full programme on the main page

Visit the dedicated webpage on Data Protection Views from Strasbourg in Visio (1-3 July) and see other themes:
Session 1: How to ensure that countries that commit to Convention 108+ comply with its provisions? Why do we need a follow-up and evaluation mechanism, and which one?
Session 2: How do we address the latest challenges posed by profiling in an AI era?
Session 3: What does the right to data protection imply in an educational setting? What schools have to do, and what they should stop doing?
Session 4: Are digital identity programmes being implemented with privacy by design?
Session 5: Mirror of our souls: learning Cicero’s lessons and addressing facial recognition risks
Session 6: Political campaigns and elections: why is data protection so crucial?
speakers' presentations

Summary

The panel highlights some of the major risks with respect to digital identity programmes: (1) there are multiple definitions and concepts of what digital identity is/should be, while international organisations, governments and companies deploy their own digital systems, often without any or with limited safeguards; (2) lack of data protection framework and/or relevant legislation in countries that develop systems to provide digital identity to individuals; and (3) even when digital identity systems are supported by a data protection framework, national legislations often lack specific provisions related to the use of “privacy impact assessment and privacy by design” principles. Such deficiencies in turn lead to the creation of parallel systems (e.g. national digitalised ID management system and mandatory sim card registration, etc.) that can have negative impact on individuals’ privacy.

The panel argues that in order to develop better digital identity management systems it is crucial to avoid any narrow interpretation of privacy; to organise meaningful and genuine stakeholder consultations (including vulnerable groups and individuals); and (3) to appropriately implement Articles 1, 10 and 11 of the modernised Convention 108.

Additional issues to be considered are whether “ computerisation of identity” would not be a more adequate designation term; and if biometric data processing should not automatically require a new form of data protection that would prevent that individuals are identified on the basis of their social and digital traces.

The right to identity is considered as a human right and is also supported by the UN Sustainable Development Goal 16.9. The panel acknowledges that modern technology can help to ensure this right at a much greater scale than ever before. However, the use of such technology presents risks that should be mitigated in many ways, notably by implementing measures to prevent the marginalisation of individuals who do not have access to technology; and ensuring the highest security for the personal data possible. If appropriate safeguards are in place and there is strong political consensus on the setting up and use of such systems in a human rights compliant way, digital identity schemes could result in clear benefits for states.

The Q&A session reviews: (1) the role of DPAs; (2) the need for an international legal framework that can ensure an essentially similar level of data protection across countries; (3) the high value of the existing relevant jurisprudence (e.g. Jamaica, India, Canada); and (4) the large need for capacity building measures.