Affiliation:
1. Department of Biomedical Science, University of Sassari, Viale Italia, 39/A, 07100 Sassari, Italy
2. Department of Law, University of Sassari, Viale Mancini, 5, 07100 Sassari, Italy
Abstract
Today, more than ever before, technological progress is evolving rapidly, and in the absence of adequate regulatory frameworks, the big players in the digital market (the so-called Big Techs) are exploiting personal data (name, address, telephone numbers) and private data (political opinions, religious beliefs, financial information, or health status) in an uncontrolled manner. A crucial role in this scenario is played by the weakness of international regulatory frameworks due to the slow response time of legislators who are incapable, from a regulatory point of view, of keeping pace with technological evolution and responding to the new requirements coming from the social context, which is increasingly characterized by the pervasive presence of new technologies, such as smartphones and wearable devices. At the European level, the General Data Protection Regulation (GDPR) and the Regulation on Electronic Identification, Authentication and Trust Services (eIDAS) have marked a significant turning point in the regulatory landscape. However, the mechanisms proposed present clear security issues, particularly in light of emerging concepts such as digital identity. Moreover, despite the centrality of biometric issues within the European regulatory framework and the practical introduction of biometric data within electronic national identity (eID) cards, there are still no efforts to use biometric features for the identification and authentication of a person in a digital context. This paper clarifies and precisely defines the potential impact of biometric-based digital identity and hypothesizes its practical use for accessing network-based services and applications commonly used in daily life. Using the Italian eID card as a model, an authentication scheme leveraging biometric data is proposed, ensuring full compliance with GDPR and eIDAS regulations. The findings suggest that such a scheme can significantly improve the security and reliability of electronic identification systems, promoting broader adoption of eIDAS solutions.
Funder
National Recovery and Resilience Plan
European Union—NextGenerationEU—Project Title “METATwin—Metaverse & Human Digital Twin: digital identity, Biometrics and Privacy in the future virtual worlds”
Italian Ministry for Research and Education
Reference51 articles.
1. Solove, D.J. (2004). The Digital Person: Technology and Privacy in the Information Age, NyU Press.
2. Innovating and changing the policy-cycle: Policy-makers be prepared!;Janssen;Gov. Inf. Q.,2018
3. Privacy, trust and policy-making: Challenges and responses;Wright;Comput. Law Secur. Rev.,2009
4. Rule, J.B., and Greenleaf, G.W. (2010). Global Privacy Protection: The First Generation, Edward Elgar Publishing.
5. Casagran, C.B. (2016). Global Data Protection in the Field of Law Enforcement: An EU Perspective, Routledge.