National digital identity schemes and systems should comply with human rights standards, including the right to privacy and protection of personal data.
While national digital identity schemes and systems (NIDS) bring significant benefits, notably in helping individuals access important rights, they may also have adverse consequences for the human rights of individuals, communities and groups of individuals. These consequences can range from discrimination, exclusion and marginalisation, to unwarranted profiling and surveillance, to a person’s loss of control over their identity or even the misuse or theft of one’s identity.
To counter this potential for adverse impacts on human rights, NIDS should take a human rights centred approach anchored in international law, applied across the policy, design, implementation, and operation of national digital identity schemes and systems.
Founded on the principles and provisions of Convention 108+, these guidelines promote an objective assessment of all interests at stake, weighing the benefits of such systems against the interference they might represent with the human rights and fundamental freedoms of individuals. They also provide recommendations for each type of actor involved in the development and implementation of such systems, as well as concrete guidance for the engagement of stakeholders in an impact assessment.
INTRODUCTION
SCOPE AND PURPOSE
PRINCIPLES FOR THE PROTECTION OF PERSONAL DATA AND HUMAN RIGHTS AND FUNDAMENTAL FREEDOMS – HUMAN DIGNITY
Legitimacy of processing
Fairness and transparency
Specific and legitimate purpose(s) and purpose limitation
Data quality – accurate, adequate, relevant, and not excessive
Data retention
Security of processing
Profiling and automated decision making
Human rights and privacy by design and human rights centred impact assessments
Accountability
Rights of individuals
RECOMMENDATIONS FOR POLICY AND DECISION-MAKERS
RECOMMENDATIONS FOR DATA CONTROLLERS
RECOMMENDATIONS FOR MANUFACTURERS, SERVICE PROVIDERS AND DEVELOPERS
RECOMMENDATIONS FOR SUPERVISORY DATA PROTECTION AUTHORITIES
GLOSSARY
ANNEX A – SUGGESTED LIST OF STAKEHOLDERS
ANNEX B – EXAMPLE STAKEHOLDER ENGAGEMENT APPROACH