This document considers the counteracting requirements of privacy and
accountability applied to identity management. Based on the requirements of
GDPR applied to identity attributes, two forms of identity, with differing
balances between privacy and accountability, are suggested, termed
“publicly-recognised identity” and “domain-specific identity”. These forms of
identity can be further refined using “pseudonymisation” as described in
GDPR. This leads to the different forms of identity on the spectrum of
accountability vs privacy. It is recommended that the privacy and
accountability requirements, and hence the appropriate form of identity, are
considered in designing an identification scheme and in the adoption of a
scheme by data processing systems. Also, users should be aware of the
implications of the form of identity requested by a system, so that they can
decide whether this is acceptable.

Nick Pope, Geoffrey Goodell

