Abstract
The new German electronic identity card will allow service providers to access personal data stored on the card. This gives data processing a new quality, as these data have been governmentally verified. According to European privacy legislation, any data processing must be justified in the sense that the personal data are necessary for the stipulated purpose. This need-to-know principle is a legal requirement for accessing the data stored on the eID card. This text suggests a model as a basis for deriving general guidelines and aids further discussion of the question of whether collecting personal data is necessary for certain business cases. Beyond the scope of the German eID card, the extent and boundaries of what can be accepted as necessary data processing pose questions on a European level as well.
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Zwingelberg, H. (2011). Necessary Processing of Personal Data: The Need-to-Know Principle and Processing Data from the New German Identity Card. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_13
DOI: https://doi.org/10.1007/978-3-642-20769-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer Science (R0)