Regulating Identity Management

Introduction

The notions of identity, privacy, personal information and data protection are closely related to each other. Privacy, according to Alan F. Westin ‘is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others’ [Wes67, p.7]. Another definition, provided by Lee Bygrave, states that privacy is ‘a condition or state in which a person … is more or less inaccessible to others, either on the spatial, psychological or informational plane’ [Byg02]. Discussions regarding to the nature and sense of ‘privacy’ is long-lasting and complex. This chapter will not go into this particularly challenging debate, but rather it will sketch the legal framework in which privacy enhancing identity management operates.