Privacy by Design : Current Practices in Estonia, India, and Austria

Categories : Digital identity, Technology and Operational Enablers

Posted:

Author: World Bank

Digital identification systems, integrated with civil registration, can play a transformational role across many development areas, such as financial inclusion, expanding access to services and social safety nets, and effective humanitarian response. But while the opportunity is great, so are the risks. One set of risks results from collecting, using, and managing personal data, which creates serious privacy challenges. Risks also include: (1) Incorrect or inaccurate data collection, leading to mistaken identity or unjust treatment; (2) Data collected for one purpose being used for another purpose without the user’s consent; and (3) Unauthorized or inappropriate transfer of data between government agencies, governments, and even with third non-governmental parties. The importance of data privacy in building digital ID systems is highlighted in the Principles on Identification developed by the World Bank in 2017. These principles have been signed onto by more than 20 international organizations and development partners as being fundamental to maximizing the benefits of identification systems for sustainable development.

This note by the World Bank explores the examples of ‘privacy by design’ features already being deployed in digital ID systems in a few jurisdictions globally, including minimal data collection, randomized unique identity numbers allotment, and tokenization in Estonia, India, and Austria. The privacy and data protection features in these three countries have been studied through desk research and discussions with technical experts from Estonia and India.