From security versus privacy to identity: an emerging concept for policy design?

Purpose - The purpose of this paper is to examine the electronic identity (eID) market from a social, technical and regulatory viewpoint, and the opportunities/challenges for policymakers. The paper also aims to discuss whether a single European market for identity is realistic and whether a common eID framework for Europe is timely and appropriate. Design/methodology/approach - The paper presents a structured review of user behaviours, a timeline of technical developments, and an analysis of market trends and policy analysis in relation to the eID ecosystem. Findings - Users of electronic systems and applications disclose increasingly more identity-relevant data. These data are often a prerequisite to the supply of advanced electronic services. In economic terms, the utility functions of users and service providers in relation to eID data are divergent. This generates a market asymmetry, as service providers are able to extract value from user data via opaque value propositions. European policymakers have different options to redress this unbalance. An eID framework based on the ''privacy by design'' approach is seen to offer a solution to excessive disclosure, market fragmentation and unclear value propositions. The strengths and weaknesses of the approach are assessed. Research limitations/implications - Results from the application layer of the eID market are based on exploratory research. Evidence from a larger number of cases and sectors is required to determine and articulate emerging value chains. Practical implications - In discussing an eID framework, policymakers should address critical issues concerning resources and funding, balance between online versus offline transactions and between present versus future technologies, users' actual behaviours, the infrastructure of certification and trust, and governance at the industrial, member state and EU levels. Originality/value - The paper draws together research in four domains - social, technical, market and regulatory. It addresses for the first time the barriers to the ''privacy by design approach'', alongside its virtues. [ABSTRACT FROM AUTHOR]