Today, more than ever before, technological progress is evolving rapidly, and in the absence of adequate regulatory frameworks, the big players in the digital market (the so-called Big Techs) are exploiting personal data (name, address, telephone numbers) and private data (political opinions, religious beliefs, financial information, or health status) in an uncontrolled manner. A crucial role in this scenario is played by the weakness of international regulatory frameworks due to the slow response time of legislators who are incapable, from a regulatory point of view, of keeping pace with technological evolution and responding to the new requirements coming from the social context, which is increasingly characterized by the pervasive presence of new technologies, such as smartphones and wearable devices. At the European level, the General Data Protection Regulation (GDPR) and the Regulation on Electronic Identification, Authentication and Trust Services (eIDAS) have marked a significant turning point in the regulatory landscape. However, the mechanisms proposed present clear security issues, particularly in light of emerging concepts such as digital identity. Moreover, despite the centrality of biometric issues within the European regulatory framework and the practical introduction of biometric data within electronic national identity (eID) cards, there are still no efforts to use biometric features for the identification and authentication of a person in a digital context. This paper clarifies and precisely defines the potential impact of biometric-based digital identity and hypothesizes its practical use for accessing network-based services and applications commonly used in daily life. Using the Italian eID card as a model, an authentication scheme leveraging biometric data is proposed, ensuring full compliance with GDPR and eIDAS regulations. The findings suggest that such a scheme can significantly improve the security and reliability of electronic identification systems, promoting broader adoption of eIDAS solutions.
Digital Identity in the EU: Promoting eIDAS Solutions Based on Biometrics / Ruiu, Pietro; Saiu, Salvatore; Grosso, Enrico. - In: FUTURE INTERNET. - ISSN 1999-5903. - 16:7(2024). [10.3390/fi16070228]
Digital Identity in the EU: Promoting eIDAS Solutions Based on Biometrics
Ruiu, Pietro;Saiu, Salvatore;Grosso, Enrico
2024-01-01
Abstract
Today, more than ever before, technological progress is evolving rapidly, and in the absence of adequate regulatory frameworks, the big players in the digital market (the so-called Big Techs) are exploiting personal data (name, address, telephone numbers) and private data (political opinions, religious beliefs, financial information, or health status) in an uncontrolled manner. A crucial role in this scenario is played by the weakness of international regulatory frameworks due to the slow response time of legislators who are incapable, from a regulatory point of view, of keeping pace with technological evolution and responding to the new requirements coming from the social context, which is increasingly characterized by the pervasive presence of new technologies, such as smartphones and wearable devices. At the European level, the General Data Protection Regulation (GDPR) and the Regulation on Electronic Identification, Authentication and Trust Services (eIDAS) have marked a significant turning point in the regulatory landscape. However, the mechanisms proposed present clear security issues, particularly in light of emerging concepts such as digital identity. Moreover, despite the centrality of biometric issues within the European regulatory framework and the practical introduction of biometric data within electronic national identity (eID) cards, there are still no efforts to use biometric features for the identification and authentication of a person in a digital context. This paper clarifies and precisely defines the potential impact of biometric-based digital identity and hypothesizes its practical use for accessing network-based services and applications commonly used in daily life. Using the Italian eID card as a model, an authentication scheme leveraging biometric data is proposed, ensuring full compliance with GDPR and eIDAS regulations. The findings suggest that such a scheme can significantly improve the security and reliability of electronic identification systems, promoting broader adoption of eIDAS solutions.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.