Policy Perspectives on Digital Identity Management · Cooperation and Development (OECD) Policy...
Transcript of Policy Perspectives on Digital Identity Management · Cooperation and Development (OECD) Policy...
Organisation for Economic Cooperation and Development
(OECD)
Policy Perspectives on Digital Identity Management
UNCITRAL Colloquium on Identity Management and Trust Services
Vienna, April 21, 2016 Jane Hamilton Chair, OECD Working Party on Security and Privacy in the Digital Economy
The OECD
• Inter-governmental organization with 34 member countries plus collaborates with over 100 other economies
• Multistakeholder forum that includes business, trade unions, and other communities
• Focus is statistics, economic and social data, economic analysis and forecasts
• Policy analysis based on economic and social research
• Guidance to help governments implement national policies that are effective in an international environment
• Council Policy Recommendations: Non-binding legal instruments that member and non-member countries are encouraged to implement
2
OECD Working Party on Security and Privacy in the Digital Economy
OECD Mission
“Better Policies for Better Lives”
• Promote policies that will improve the economic and social well-being of people around the world.
• Provides a forum for governments can work together, share experiences, and seek solutions to common problems.
• Social and Economic Prosperity
Committee Structure
• OECD Council • 250 Committees, Working Groups and Expert Groups
Digital Economy • Committee on Digital Economy Policy • Working Party on Security and Privacy
Working Party on Security and Privacy
• Mandate is to develop and promote policies to strengthen trust in the digital economy
Focus of Work
• Digital economy policy, online transactions, enabling innovation and building trust
• More specifically, managing digital security risks to economic and social activities and protecting privacy
• Digital identities in the context of privacy, security, trust and innovation
3
History of OECD work on Digital Identity
2011
Digital Identity Management
Guidance
•Sets out guidance for government policy makers •Supports innovation while enhancing security, privacy and trust online
2009
Primer for Policy Makers
•Clarifies main concepts •Outlines public policy (interoperability, security, privacy, user empowerment •Scope limited to natural persons
2010
National Strategies
Survey
•Survey of 18 OECD member countries •Comparative analysis of national strategies •Basis for guidance document
4
2011 Digital Identity Management
Digital Identity Management – Enabling Innovation and Trust in the Digital Economy
• Published in 2011
• Guidance for Policy Makers, National
Strategies survey results, primer for policy makers
• http://oe.cd/idm
5
Related Recommendations of OECD Council
Recommendation of the Council Concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data
• Revised in 2013 as The OECD Privacy Framework
• Updated guidance that had been in place for 30+ years
• http://oe.cd/privacy
Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity
• Replaces the 2002 Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
• Guidance for a new generation of national strategies on the management of digital security risk
• https://oe.cd/dsrm
6
Roundtables on Digital Identity
Working Party recently held two Roundtables on Digital Identity in December 2014 and June 2015
• Included updates from member countries
• Presentations from experts/private sector
• Discussed policy themes/challenges and economic factors
• Identified key themes for digital identity
• Considered potential future work items
7
Current Focus
• Digital identity is at the centre of trusted transactions online
• Digital identity management has the potential to foster economic benefits
8
OECD Policy Perspectives
• The management of digital identity has many facets – social, economic, technical, legal, and cultural
• Elements of Working Party focus are:
o Security and Privacy
o Interoperability
o Usability/Convenience
• Member countries have different approaches to digital identity based on history, culture and role of government
• But there are common objectives -- to realize e-government, to foster innovation and to strengthen cybersecurity
9
Key Policy Themes/Challenges
• Digital identity does not stop at national borders
– E.g. jurisdictional considerations and associated liability, cross-border roles and responsibilities
• Innovation and the evolving/emerging technology will raise challenges
relating to privacy, security and convenience – e.g. Internet of Things and the concept of user management access
• The new data-driven economy has brought with it a fundamental
change in the nature of digital identity
• There are significant benefits to moving to a user-centric model of digital identity
• Innovation in the private sector is important to digital identity
10
11
Potential Areas of Future Work on Digital Identity
• Raising Awareness of Digital Identity
• Furthering the Implementation of the OECD Privacy Guidelines
and Security Risk Recommendation
• The Business Case for Digital Identity
• Environmental Scan of Multi-jurisdictional Approaches to Digital Identity
• Principles/Best Practices for Trust Frameworks
• Exploring the Role of Public-Private Co-operation in Digital Identity Management
Would Welcome Collaboration with UNCITRAL
OECD Working Party on Security and Privacy in the Digital Economy (SPDE)
http://www/oecd.org/sti/security-privacy
Jane Hamilton, Chair of SPDE
12
Thank you