Electronic identity verification: personal data protection challenges and risks

Abstract

This work highlights the clash of GDPR, eIDAS Regulation and PSD2 Directive, as well as tackles challenges of implementation in practice, specifically the challenges of securing personal data whilst ensuring an electronic identity. A comparative analysis on practical case studies which are concerned with electronic identity verification, electronic identity establishment and use electronic identity verification in the process of providing services is carried out in order to understand how such businesses tackle personal data challenges, how successfully and to what manner. The work concludes with findings of legal uncertainty between all three regulatory acts, as they lack unified definitions and interpretational certainty in terminology, as well as they are in a need of revision due to the fact that some relevant laws were developed prior GDPR.