eID policy in a turbulent environment: is there a need for a new regulatory framework?

Abstract

There is increasing interest in the EU about the central place of eIdentity (eID) in peoples lives. eID is increasingly seen as a bridge between the commercial viability of models based on large-scale provision of eservices and users need for privacy and security in online transactions. This paper examines technological, social and legal developments in the field of eID and asks whether there is the need for a new regulatory framework that both preserves users identity and enables the provision of advanced services. Firstly, the paper interprets recent market moves in the eID field as a response to a rising regulatory tide. Secondly, it examines some of the challenges arising from Web2.0, and four emerging socio-legal issues associated with eIDbehavioural profiling, social engineering, redlining and other unsocial practices. Thirdly, the paper examines the capacity of the current regulatory framework to absorb this turbulence, and finds it wanting. Finally, it advances a novel model of eID regulation that may help regulators create an identity-preserving, transaction-friendly eID environment.