WEIS 2009

The Policy Maker's Anguish: regulating personal data behaviour between paradoxes and dilemmas


  • Regulators in Europe and elsewhere are paying great attention to identity, privacy and trust in online and converging environments. Understanding and regulating identity in a ubiquitous information environment is seen as one of the major drivers of the future Internet economy. Regulation of personal identity data has come to the fore including mapping conducted on digital personhood by the OECD; work on human rights and profiling by the Council of Europe and major studies by the European Commission with regard to self-regulation in the privacy market, electronic identity technical interoperability and enhanced safety for young people.

    These domains overlap onto an increasingly complex model of regulation of individuals' identity management, online and offline. This model comprises consumer policy, where priorities are set based on the critical assessment of location and service fruition and trust and privacy as prerequisites for the future common digital market; human rights agenda, in line with the consequences of advanced profiling techniques and with surveillance concerns in relation to information society security; online safety policy, especially in relation with younger users policies concerning the right of access to advanced, interoperable EU services in the sphere of justice; and a set of policies regarding the economic impact of future networks. This implies a regulatory infrastructure of identity which, if fully sketched, is way grander than one that to date tackles identity-theft and ensures smooth services fruition across the EU (interoperability).

    The paper claims that policy makers struggle to deal with issues concerning electronic identity. This has two main reasons: the apparently irrational and unpredictable behaviour of users when engaging in online interactions involving identity management and a seemingly intractable set of dilemmas. The former problem, verily a set of behavioural paradoxes, is compounded by the lack of multi-country, systematic, comprehensive data on users' attitudes and behaviours: trust, privacy, behavioural intentions and confidence in relation to personal identity data. In addition, debate is mainly limited to the so-called privacy paradox and people's willingness to disclose personal data.

    Building on empirical survey evidence from four EU countries, this paper examines the last aspect in detail – citizens' management of identity in a digital environment. We build on data from of a large scale [n = 5,265] online survey of attitudes to electronic identity among young Europeans' [France, Germany, Spain, UK] conducted in August 2008. The survey asked questions about perceptions and acceptance of risks, general motivations, attitudes and behaviours concerning electronic identity.

    This paper is unusual as it defies the established practice of hypothesis testing, corroboration or rejection. Rather, data and results follow a logical argument to support the main thrust of the paper that identity-related policy making is hampered by multiple aims, behavioural idiosyncrasies and systemic dilemmas. While this may be seen as less than 'scientific' in traditional hard science milieus (physical security of identity systems), it contributes to articulate a debate that is sometimes overlooked in such circles. In the conclusion, the paper argues for the extension of the identity debate to span policy circles, the engineering community and a growing section of multi-disciplinary approaches to identity.


Return to the previous page.