With a focus on Estonia, India and Austria, this report from the World Bank’s ID4D initiative uses desk research and interviews with technical experts to document current practice in enabling “privacy by design” in digital ID systems.
The paper outlines the evolution of user privacy since 1973, then provides case studies for Estonia, India and Austria which includes detail on the legal and institutional rights and ICT systems for each country.
Each case study covers the legal and institutional rights to privacy. In Estonia, where 99% of public services such as electoral votes are available online, these include: a unique PIN number, the X-Road platform that enables secure transfers and storage of data, minimal data sharing, anonymization of data, and the use of blockchain.
Each case study also offers an overview of each ID system’s architecture and a typical user journey.
The World Bank concludes that privacy is a top priority for ID systems, and that ‘privacy by design’ is an opportunity to ensure this is embedded into new frameworks around the world. They identify three key areas for innovation: exploring different approaches to ‘privacy by design’, assessment of design techniques from the perspective of usability, maturity, and ease of implementation, and the study of existing and emerging privacy enhancing technology.