Identification Systems and Their Legitimacy in the New Legislation on the Protection of Personal Data

Vlastimil Benes, Karel Neuwirt, Otto Dostal


In the new digital environment, citizens have the right to use tools to effectively control the usage of personal information related to them. Data protection is one of the fundamental rights in the EU guaranteed by the Charter of Fundamental Rights of the European Union. The article deals with the requirements that electronic identification system operators will have to take into account to ensure that the system in operation meets the requirements for the protection of personal data.

Full Text:



Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

The Guide to Privacy and Electronic Communications, Information Communications Office, U.K., London, May 2016.

Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, Article 29 data protection working party (WP 29), document WP 217, Brussels, 9 April 2014.

Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC), Article 29 data protection working party (WP 29), document WP 247, Brussels, April 2017.

CIPL Examples of Legitimate Interest Grounds for Processing of Personal Data (Discussion Draft), Centre for Information Policy Leadership, Hunton & Williams LLP, Brussels, March 2017.

Standardisation in the field of Electronic Identities and Trust Service Providers, Inventory of activities, European Union Agency for Network and Information Security (ENISA), 2014.

P. Woolfson and D. Terruso, “Data portability under EU GDPR: A financial services perspective,” Privacy Laws & Business International Report, pp. 12-14, 2016.

EDPS Opinion 9/2016 on Personal Information Management Systems, Towards more user empowerment in managing and processing personal data, European Data Protection Supervisor, Brussels, 2016.

P. M. Schwartz and D. J. Solove, “The PII problem: Privacy and a new concept of Personally Identifiable Information,” New York University Law Review, vol. 86, 2011, pp. 1814-1894.

S. Stalla-Bourdillon and A. Knight, “Anonymous Data V. Personal Data - A False Debate: An EU Perspective on Anonymization, Pseudonymization and Personal Data,” Wisconsin International Law Journal, pp. 284-322, 2017, [Online] Available:



  • There are currently no refbacks.