Considering the importance of the eIDAS regulation, the current state of implementation of its stipulations both in the European Union and in our country, a comprehensive study of implementations and usage of digital identity tools (eID - electronic Identity) within the EU member states, revealing their peculiarities and the challenges related to the unitary integration required by eIDAS, proved both useful and necessary. The study is also justified by the fact that, on September 29, 2018, the eIDAS regulation became mandatory for each EU country, stating that each EU country has to recognize both legally and practically - through interconnection in the eIDAS nodes network - the other EU countries' notified digital identification schemes.
The article examines the impact of electronic contracts on financial systems, highlighting the changes brought about by financial technologies (FinTech) through electronic contracts as well as digital signatures. The impact of FinTech also extends to markets, transforming the way businesses and institutions interact, including intraorganisational and stakeholder relationships. The article highlights the benefits of e-contracting, such as reduced costs, increased efficiency and process automation. Through FinTech, e-commerce has evolved significantly, facilitating new business models with a digital presence and improving contracting between companies and their customers. Particular attention is paid to electronic signatures, which are considered legal means of signing documents in the digital environment. The article also highlights the evolution of smart contracts, based on blockchain technology, which automate contractual processes and can be concluded without the direct involvement of the parties. Thus, a landscape is emerging in which financial technologies continue to redefine and innovate the global financial system.
The aim of the article is to analyse the issue of cross-border recognition and harmonized rules of electronic signatures under the eIDAS Regulation, which is intended to enable cross-border electronic transactions. The authors reveal whether the legal order of Estonia reflects the changes that have occurred in the field of electronic signatures since the eIDAS Regulation. This article examines the legal consequences of a new distinction between the levels of electronic signature in the legal order of a Member State in private transactions and administrative procedures and the conditions under which cross-border recognition of electronic signatures in the European Union takes place.
On 3 June 2021, the European Commission issued a proposal for a European Digital Identity Regulation, which seems to not have raised much discussion among legal scholars, even though digital identity raises several fundamental rights implications. The introduction of a unique and persistent identifier may be understandable from a practical point of view, but cannot be accepted due to its risks and the fact that it potentially infringes the German prohibition on general unique identifiers.
Several sector-specific studies on EU data protection and cybersecurity frameworks can be found in the literature, but their differing legal domains have hindered the development of a common analysis of the different sets of provisions from a business perspective. This article sets out to bridge this gap, providing a systematic review and a cross-cutting operational analysis of the main legal instruments that constitute the common European approach to personal data and cybersecurity regulation for the business sector. We aim to demonstrate the existence of a core of common principles and procedural approaches referring to specific cybersecurity and data security technologies. Analysis reveals a coordinated regulatory model based on five pillars: risk-based approach, by-design approach, reporting obligations, resilience and certification schemes. We also highlight the relationship between the main directives and regulations.
The article focuses on the intersections of the regulation of electronic identification as provided in the eIDAS Regulation and data protection rules in the European Union. The first part of the article is devoted to the explanation of the basic notions and framework related to the electronic identity in the European Union: the eIDAS Regulation. The second part of the article discusses specific intersections of the eIDAS Regulation with the General Data Protection Regulation (GDPR), specifically scope, the general data protection clause and mainly personal data processing in the context of mutual recognition of electronic identification means. The article aims to discuss the overlapping issues of the regulation of the GDPR and the eIDAS Regulation and provides a further guide for interpretation and implementation of the outcomes in practice.
The General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.
The digital identity (or electronic identity) of a person is about being able to prove upon authentication who one is on the Internet, with a certain level of assurance, such as by means of some attributes obtained from a trustworthy Identity Provider. In Europe, the eIDAS Network allows the citizens to authenticate securely with their national credentials and to provide such personal attributes when getting access to Service Providers in a different European country. Although the eIDAS Network is more and more known, its integration with real operational services is still at an initial phase. This paper presents two eIDAS-enabled services, Login with eIDAS and Wi-Fi access with eIDAS, that we have designed, implemented, deployed, and validated at the Politecnico di Torino in Italy. The validation study involved several undergraduate students, who have run the above services with their authentication credentials and platforms and with minimal indications on their usage. The results indicate that the services were beneficial. Several advantages exist both for the users and for the Service Providers, such as resistance to some security attacks and the possibility to adopt the service without prior user registration (e.g. for short meetings, or in public places). However, some students expressed doubts about exploiting their national eID for Wi-Fi access, mainly in connection with usability and privacy issues. We also discuss these concerns, along with advantages and disadvantages of the proposed services.
Within digital virtual space, secure and efficient user authentication and identification are essential to prevent identity theft and unauthorized access to sensitive information and services. The eIDAS network implementing the European Union (EU) Regulation 910/2014 links the electronic identity (eID) systems of EU countries to allow citizens' access by authenticating with government eIDs. At authentication time, the eIDAS nodes transfer core personal attributes (i.e., name, surname, date of birth, and an identifier) to the service providers (SPs). Since long-term applications require more personal or domain-specific data to provide the service or to perform identity matching, the SPs must obtain such data in an alternative way, with additional costs and risks. Herein, we extend the eIDAS network to retrieve and transfer additional person and domain-specific attributes besides the core ones. This process introduces technical, usability, and privacy issues that we analyze. We exploit a logical AP Connector between the eIDAS node and the entities providing additional attributes. We implemented two AP Connectors, named AP-Proxy and AP-OAuth2, integrated with the Italian pre-production eIDAS node to get additional attributes from the Politecnico di Torino university backend. In an experimental campaign, 30 students have accessed academic services at three foreign universities with recognized Italian eIDs, and transferred additional attributes over the eIDAS network. Despite some usability and privacy concerns encountered, the user experience was positive. We believe our work is helpful in the implementation of the recently adopted European Digital Identity framework, which proposes to extend the person identification data set recognized cross border, and the creation of digital wallets linking different data sets or credentials.
In many application domains, there is a need to ensure that users satisfy some requirements to use a service: for example, there is a minimum age to buy alcoholic beverages or to watch some videos on YouTube. In these situations, organizations typically collect more personal information than necessary to provide a better service. The consequence is a personal data leakage that violates the data minimization principle stated by the General Data Protection Regulation 2016/679. This article proposes a new approach for allowing individuals to maintain control over the disclosure of their data, deciding which information to disclose and for how long. Our approach is based on the use of social networks, and implementation on Facebook is presented to show that the proposed solution is effective, cheap, friendly, and simple to adopt.