Benefits of Privacy-Enhancing Identity Management

Article excerpt

Introduction

In everyday life, individuals are frequently and naturally playing different roles, for example as family members, citizens or patients. Typically, when a person is performing a certain role, he does not reveal all personal data about himself to respective communication partners but only parts of his personal data (i.e. parts of his identity, also called his "partial identities"). Figure 1 below illustrates that a person named John reveals different partial identities to different communication partners in dependence on the roles that he is performing. In the non-electronic world, individuals naturally had control over the releases of their partial identities to other parties. In the information age, users have more or less lost effective control over their personal spheres. When communicating via the Internet, users are leaving many personal data traces at various sites, which can be easily compiled to extensive personal profiles. Besides, due to low costs and technical advances of media storage, masses of data can easily be stored, processed and are hardly ever deleted or forgotten. These processes of personal data collection, storage and processing are often not transparent for the individuals concerned. Emerging pervasive computing technologies, where individuals are usually unaware of a constant data collection and processing in their surroundings, will even heighten this problem.

Privacy as an expression of the human dignity is considered as a core value in democratic societies and is recognized either explicitly or implicitly as a fundamental human right by most constitutions of democratic societies. Today, in many legal systems, privacy is in fact defined as the right to informational self-determination, i.e. the right of individuals to determine for themselves when, how, to what extent and for what purposes information about them is communicated to others. For reinforcing their right to informational self-determination, users need technical tools that allow them to manage their (partial) identities and to control what personal data about them is revealed to others under which conditions. Identity Management (IDM) can be defined to subsume all functionality that supports the use of multiple identities, by the identity owners (user-side IDM) and by those parties with whom the owners interact (services-side IDM). According to Pfitzmann and Hansen, identity management means managing various partial identities (i.e. set of attributes, usually denoted by pseudonyms) of a person, i.e. administration of identity attributes including the development and choice of the partial identity and pseudonym to be (re-)used in a specific context or role (Pfitzmann and Hansen 2008). Besides, transparency-enhancing tools (which are often part of privacy-enhancing identity management systems, see below) can help users to make the processing of their personal data more transparent, i.e. visible and understandable for them, and support them in their decision making by informing them about consequences of personal data releases.

[FIGURE 1 OMITTED]

The objective of this paper is to discuss the benefits of privacy-enhancing identity management system including transparency enhancing tools. For this, we will especially explore the potentials of the PRIME IDM system, which has been developed within the EU Framework Programme 6 project PRIME (1) (Privacy and Identity Management for Europe). In the next section, we present how the PRIME system and its technical components can help to protect the user's privacy when he is communicating with a services sides with that he is interacting by enforcing legal privacy principles such as data minimisation, purpose binding and transparency while also establishing trust of the user in the services side and vice versa. In section 3, we will then illustrate how PRIME technologies can be applied in an e-shopping scenario to enhance both privacy and trust of online consumers while still allowing Internet shops to conduct their legitimate business interests or activities with less or no personal information. …