Editorial

Does GDPR mean we need to re-think quite a few Digital Identity questions?

Since the GDPR’s passage, registrars have been concerned that continuing to make data public may place them in a legally awkward situation due to the law’s potentially significant fines – but the American Enterprise Institute offers a possible solution

Posted 26 March 2019 by Gary Flood


Since GDPR, has the Internet Corporation for Assigned Names and Numbers (ICANN) struggled to balance GDPR-compliance – the law requires that certain information be obscured – with its contractual obligation to keep public the names and contact information of domain name holders for legitimate access by law enforcement and third parties?

For at least one commentator, the answer is ‘yes’ – and as a result, it is time to change how domain names are registered, a move that could open the way for an “identification system that also preserves an individual’s anonymity” that would be in turn “a major next step in digital accessibility”.

The ideas come from a new blog post on the website of the American Enterprise Institute – a public policy think tank – by former Bush White House staffer and cybersecurity expert Shane Tews.

“A comprehensive digital identity framework would help promote a safer and more secure online environment by protecting data and ensuring that requests for access to data are appropriate,” writes Tews.

“This would give ICANN’s contracting parties more control over their customers’ information and achieve a balance with their privacy compliance concerns. Taking the identifiable information of a ‘natural person’ out of the equation meets the criteria of the GDPR regulatory regime because any request to unmask the personal data will require a request for access from an appropriate party.

What that would mean, she argues: “trustworthy Digital Identity – while the move away from physical artefacts to create and maintain identities might “allow for more digital interactions in which individuals can verify that they are who they say they are”.

“A new digital identity service has both government and commercial viability for validating transactions, record keeping, and regulatory compliance,” she concludes.

“Instead of trying to fit old policies with new regulations, let’s hope innovators embrace technology to move us forward to a better, more productive way of using the Internet.”