Service providers, ICT firms and few others like identity assurance supplier manages information about people's identity which involves prerequisite of credentials, identification, followed by authentication and authorisation. Much of the information are collected, stored and analysed. Due to new technological business popping in, there is a recent shift from 'centralized controlled system' to 'open identity system' (Hoikkanen et al 2010). To what degree the businesses and consumers have the right to opt out from current and future regulations or from particular transactions requires thorough scrutinization. Legal responsibility may arise due to scarcity of diligence.
The duration of maintaining ones data safely and correctly to avert misuse is a serious issue. Another issue arises with data-portability and technical-legal illiteracy. Even the software designers are not conscious of legal issues that may arise due to few functionality adapted in the product. Significance of law seems to be marginal and hence it is given a thought at latter stage of the design process. As seen from the economic standpoint, there arise various concerns regarding monetisation of identity systems and associated risks/benefits.
The Literature specifies that there are five major electronic Identity Regulatory challenges.
eIdentity is classified under legal category:
The various tasks involved in the eIdentity transactional process are: service provider, modes of identification like name, ID number etc, motive of identification whether its for verification or traceability, resource to be accessed like social, commercial or public. eIdentity is a broader segement of Data Protection (DP). DP rules aid in worldwide legal interoperability but they do not tackle certain privacy issues like digital identity popularity, multiple actors and identifiers. Provider plays a vital role when legal issues are concerned.
Identity rights issue:
The identity right is a protective right wherein there are restrictions based on the need of the purpose. Transparency in transactions and collecting minimal personal information are vital; however due to technological invasion, firms are imposed with legal and regulatory laws. The other issue is that the details should not be misused or misinterpreted. Therefore the rule maker should attempt to regulate transactions in such a way that personal information are not required and enforce new legal laws that does not encourage misinterpretation of data by any parties.
Government rules and roles:
Governments should ensure privacy but there are associated issues like maintaining the data for a longer duration. It is also not a right thing to dispose the eIdentity data because all transactions need to be recorded and maintained. The rapid increase in eIdentity places a burden on data managing activities of government and the high cost associated in managing implies that such activities can be taken over by non-government bodies (Adrie van der Luijt, Audit Chiefs Still Lax on Data Privacy, 26 June 2008, Online article, Director of Finance Online,
Available: http://www.dofonline.co.uk/governance/audit-chiefs-still-lax-on-data-privacy6637.html, 24 July 2008.). To effectively monitor transactions, strict rules should be enforced. The need for the rule makers is to define regulatory framework based on issues faced by governments.
Market developments
In recent years, firms argue that identity issues can be well handled if data protection issues are well handled. "Some firms operating in the eIdentity market are outside the control of a single identity market regulation" (Hoikkannen ) This is applicable to dominant players in the market. It is vital that policy makers define regulatory and legal frameworks that are applicable across common market. "Companies need a clear, actionable structure of incentives and disincentives, both economic and legal, to respect user privacy by relinquishing personal data as a potential source of revenue at negligible marginal costs" (Hoikkannen nd). The eventual purpose of the model is to make sure that a stage is set wherein no firm tries to gain competitive advantage by exploiting its bossy position. It is necessary to understand that the firms activities within the country and across borders differs due to differentiation in rules and regulations among countries.
Another hurdle is assosciated with the "infomediaries including web 2.0 platforms". Private sources of personal information like google, facebook do posesss some control but still obscure as there is no financial returns associated with tasks like gathering and selling the information which would tally the cost of gathering the details. Since such players do posess knowledge about consumers behaviour, policy makers should define guidelines for such infomediaries so as to ensure data protection. Identity can be considered as a 'Capital Asset'. Identity owns different value over changing times and thus it can be well understood by game theory. Identity is said to posess network effects which implies extensive usage results in increase in economic value of identity. Lastly, identity can also be viewed as 'Cost' which implies that the identity's economic value is understood only when it earns cash for various stakeholders (government, end-users etc). The need of the hour is to frame right model, associated tools or metrics to track the identity market.
Increase in identity management systems (IdM):
The increase in IMS in last decade resulted in numerous digital identification systems which offered numerous identity factors, various standards and processed and varied degree of assurance. These factors made people hard to know how the system works and hence educating the public is crucial so as to well handle digital identities. The accountability and transparency offered by IdMs should be improvised or there should exist strict policies such that they are same across all systems. The accountability and transparency across various services in legal and technical domain poses certain issues. The issues must be properly resolved by efficiently utilizing the IdM systems to gain maximum potential. Policy makers need to focus on improvising the knowledge of public and to define varied measure to achieve greater degree of accountability and transparency from IdM system designers and providers. (OECD, The Role of Digital Identity Management in the Internet Economy: A Primer for Policymakers)
Suggestions for challenges:
Albeit the legislation provides guidelines for data protection and privacy management, various efforts are put forth by many institutions to resolve eIdentity challenges. The challenges still exist due to lack of efficient standard implementation and the below table presents few solutions to the challenges.
The contextualization of data is the vital factor to proper functioning of a system or service and hence such scenarios must be given a thought and it should be addressed in the legal framework. The present legislation is not sufficient enough to regulate static data and the question is if present regulatory management can handle with upcoming ever-changing identity value in merged real and digital environment. The firm providing stored data is infomediary and how the legislation addresses issues like information being hacked or misused. The policy makers should create rules which are same across common market and identity protection steps should be taken from the start so as to benefit to a greater degree from IdM systems. In a nutshell, the presence of uniform legislation would result in cooperation among various players involved in varied parts of the Value Chain.
