ID Enabling Environment Assessment (IDEEA) Guidance Note

This Guidance Note is an explanatory commentary on the diagnostic tool ID Enabling Environment Assessment (IDEEA), these diagnostic tools support the review and analysis of countries’ legal and regulatory environments for digital identification systems. This resource provides valuable due diligence for implementing responsible and effective digital ID programs.

Core Arguments & Findings

• Governments need to assess existing ID systems and registries, and their social, economic, legal and institutional contexts before digital ID program deployment (p. 6).

• The IDEEA builds on the ID4D Diagnostic as a supplementary tool intended to facilitate systematic assessment (p. 6).

• Legal and regulatory reviews should consider the purpose, design, usage, and cultural contexts surrounding countries’ national IDs and civil registration systems (p. 6).

• Key principles for digital ID implementation focus on inclusion, privacy and data protection to build public trust (p. 7).

  • Universal coverage, accessibility, robustness, security, interoperability, vendor neutrality, user privacy, financial sustainability, legal frameworks, and independent oversight (p. 7).

• Foundational ID systems provide general identification for public administration, while functional ID systems manage identification for specific services like voting or tax administration (p. 9).

  • Civil registration systems raise sufficiently similar legal and regulatory issues about data protection, privacy and inclusion as other foundational ID systems (p.10)

• Analysis of legal systems requires consideration of:

  • Applicable Laws & Regulations of: constitutional provisions, laws, regulations, and policies relating to discrimination, minorities and citizenship: (p. 13)

  • Data Protection, Article 5 of GDPR considers: process lawfully, fairly and transparently; collected for legitimate purposes; adequate and limited to what is necessary; accurate and up-to-date; kept no longer than necessary; and processed in appropriate manner for data security (p. 17)

• Breach notification laws generally require data controllers to inform individuals and/or authorities about breaches, and some international standards also impose duties on controllers to notify data subjects of significant breaches (p. 18).

• The use of data or any collection of intelligence related activities includes considering International and extraterritorial issues; and cyberthreats. The principles are part of current “best practices,” (p. 21)

Key Statistics & Data

• As of September 2018, 107 countries, including 66 developing or transition economies, have adopted legislation to safeguard data protection and privacy (p. 15).

• Achieving universal registration is a challenge: In mid-2016, the UN High Commissioner for Human Rights reported approximately 65% of births and only 36% of deaths were registered globally between 2005 and 2009 (p. 50).

Methodology

The ID Enabling Environment Assessment (IDEEA) acts as a supplementary diagnostic questionnaire, intended to facilitate a systematic assessment, along with examination of enabling laws, regulations, and institutions (p. 6). It generates a country profile to highlight areas where legal frameworks could be strengthened. (p. 6) The study incorporates international good practices, evolving international trends, experiences of other countries, and information relating to GDPR for creating a framework. The document takes a holistic approach through checklists, supplementary information and questionnaire feedback.

Key Conclusions & Recommendations

• ID programs should be designed to ensure that they serve productive purposes and avoid inappropriate ends like broad population surveillance (p. 6).

• National, digital ID systems, may also be part of or instrumentalities used for or lead to criminal activity *Cybercrime laws and measures need assessment for mitigation and mitigation.

• There are 10 Key points for Sustainable Digital and the process should contain reviews for effectiveness of framework around areas like transparency; and if it is aligned to current technology and environment around it.

• Care should be taken to ensure an analysis of risk in having an interoperable ID: ” comprehensive population databases, like those established as part of foundational ID systems, are a particularly tempting resource for law enforcement authorities, particularly when they contain biometric markers.”

• It is good for countries looking at and evaluating a design, to factor into all those that already recognize ID with specific standards - for instance ISO recognition.

Key Questions Addressed or Raised

Questions Addressed

• What key considerations are needed for developing and implementing a national digital ID system?
• What legal and regulatory frameworks should be assessed and strengthened to support the responsible and effective development of digital ID systems?

Questions Raised

• How can the risks associated with data collection, storage, and sharing be effectively mitigated while still enabling the benefits of interoperable ID systems?
• What strategies can be used to promote public trust and support for national digital ID systems while addressing potential concerns about privacy, security, and discrimination?