The GDPR: a game changer for electronic identification schemes? The case study of Gov.UK Verify

Sophie Stalla-Bourdillon, Henry Pearce, Nikos Tsakalakis

Research output: Contribution to journal › Article › peer-review


Abstract

This article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government's electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify's architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership – highlights several flaws inherent in Gov.UK Verify's development and mode of operation. This article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership. It ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.
Original language: English
Pages (from-to): 784-805
Number of pages: 22
Journal: Computer Law & Security Review
Volume: 34
Issue number: 4
Early online date: 28 Jul 2018
Publication status: Published - 1 Aug 2018

Keywords

  • Data protection
  • Electronic identification
  • GDPR
  • Gov.UK Verify
  • Joint controllership
  • Legal bases
  • RCUK
  • EPSRC
  • EP/L016117/1
