Title: CONCLUSIONS

Conclusions

The analysis of ID-numbers and policies as provided in this deliverable shows that ID-numbers are an essential tool for the realisation of e-government and modern business processes. Due to the increasing pervasiveness of Internet as a means of communication by governments and enterprises, there is a growing necessity for a secure identity management. The need to identify who communicates with whom is essential in an Internet environment because the Internet, by design, lacks these provisions. Because of these shortcomings various solutions have been developed. The identity number is a prominent one. As is shown, the developments in this area could affect the privacy interests of individuals. Individuals often need to disclose more personal data than strictly required. Several steps are still being taken to tackle this problem.

The sociological and the historical analyses indicate that only a carefully attuned policy will allow the present possibilities and opportunities of ID-numbers to be used successfully. From the socio-cultural point of view, experiences in using the identification tool as a method by which to create a feeling of unity in a nation-state, that only exists in the minds of the heads of state, have led to the opposite result. From the social systems point of view, there are potential benefits as well as drawbacks in the usage of an ID-number. In the public domain one of the drawbacks could be caused by the fact that citizens are members of a state as well as clients. The state benefits from the advantages of using ID-numbers and therefore these benefits also are beneficial to its members. Drawbacks might arise when these measures harm the clients of organisations when ID-number linkability is used to create information asymmetry in favour of organisations. Organisations may use this asymmetry to reduce the autonomy of the individuals. This, in turn, may result in a shift in the balance of power favouring organisations.  

In this deliverable the potential information asymmetry,as achieved by technical means, is illustrated by describing profiling techniques envisioned in scenarios for Ambient Intelligence. Even though there are the large risks of abuse in these scenarios,the suggestions  for making good use of the opportunities technology has to offer are promising. This privacy-friendly scenario can be achieved through a joint effort of computer engineers, legal experts and policymakers. Within the scope of the European Data Directive the opportunities for using profiling techniques can thus be put to good use. Individuals can then be monitored without necessitating any kind of transcontextual identification. This fits in with the purpose of the limitation principle of the Directive.

On the whole it is necessary to reconsider the concept of privacy because the broad definition of the right to be left alone is no longer feasible in the present digital era. Nevertheless  without a doubt, the protection of personal data is a fundamental right in the European Union. In many Member States it is a constitutional right. However, if appropriate attention is given to the rights of individuals such as is expressed in the legitimacy of the processing, the data quality and aspects of confidentiality and security, the principle of the protection of personal data or so-called informational privacy, this will enable a sound identity management. In the area of profiling this seems to call for limiting the use of personal data to the proper context. However, this could preclude the use of profiling to its full potential.

This deliverable has shown that it is instrumental to redefine the concept of privacy in terms of “privacy as contextual integrity” while, at the same time, underpinning it with the appropriate technical means. In this light it seems preferable and feasible to adopt multiple ID-number policies. These allow us to discriminate between different contexts providing tailored ID-number policies, depending on which type of privacy is appropriate per context. The point of departure is a type of identity management based on user control. At the same time, the reciprocity or distribution of the transparency can be tailored, depending on the need for checks and balances per context. This does not necessarily rule out interoperability between contexts, because ID-numbers may be linked, e.g. via clearing houses, to provide interoperability. The information asymmetry that looms behind the horizon may thus be turned to good use.

In essence it may be concluded that multiple identifiers in conjunction with interoperability and contextual integrity are the most promising solution for a sound identity management policy in the near future. This does require a fine-tuned combination of transparency and opacity tools to be built into the technological infrastructure. In such a way the individual will not become unnecessarily transparent nor will interoperability be precluded by excessive user control. The advantages of e-government can thus be achieved reciprocally for government and citizen alike. Measures to prevent identity fraud must be part of this IDM policy while, at the same time, the corresponding security measures must be construed in such a way as to inspire the citizen with sufficient trust that the government treats his data safely. It seems that the Austrian citizen card concept is an example that deserves to be pursued further.  

References

Article 29 Data Protection Working Party 2007 

Opinion 4/2007 of 20th June 2007 of the Article 29 Data Protection Working Party on the concept of personal data, available at: http://ec.europa.eu/justice_home/fsj/privacy/ workinggroup/index_en.htm

Nissenbaum 2004 

H. Nissenbaum,  ‘Privacy as Contextual Integrity’, Washington Law Review 79 (2004), pp. 101-140