ID4Africa posts World Bank comparison of Privacy by Design practices for biometric national ID
The principles of Privacy by Design were outlined by Ann Cavoukian in 2011, but the way they are implemented in practice to protect biometrics and other personal data varies greatly between national ID systems, as explored in a new post from ID4Africa.
Privacy by Design (PbD) practices in Estonia, India and Austria differ significantly, and the World Bank Group’s ID4D initiative examines both the commonalities and the differences.
The post outlines seven principles for PbD systems. The approach calls for proactive rather than reactive systems, privacy as the default setting, and privacy embedded into technical design, and it treats privacy as a win-win goal rather than a zero-sum trade-off. PbD systems should also provide end-to-end, full-lifecycle protection and built-in visibility and transparency, and should maintain user-centrism.
Estonia’s Citizen Portal, India’s Virtual ID and Tokenization, and Austria’s Sector Specific Identifiers are taken as examples of practical implementations of PbD principles, and an infographic compares the countries’ approaches to limiting data collection, consent, anonymization, accountability, and other factors. The encryption of biometrics on enrollment devices and the capability to lock them when not in use, both built into the Aadhaar system, are noted along with digital signing and tokenization practices.