Convergence of Digital Identity Policies Will Enable Next Generation Services

December 1, 2016

Blog

Marta Ienco, Head of the Government & Regulatory affairs, Personal Data  

marta-ienco-headshot-v2That the future of public services is digital is becoming increasingly apparent in Europe and internationally. Italy, for example, has launched its nationwide Public System for Digital Identity Management, or SPID, which facilitates faccess to e-government and public services by citizens and companies alike and will be available across multiple computing platforms. SPID has already been adopted by many of the nation’s universities and 3,300 municipalities, while all of Italy’s public administrations are due to offer SPID-based services by the end of the year. Finland’s government is acting in concert with mobile operators to encourage wholesale migration of services online, driving uptake in a country where more than 90% of the population have both a mobile device and internet access. In the UK, the government’s GOV.UK Verify initiative verifies  identity through certified companies, enabling citizens to access a variety of public services such as welfare applications, tax returns and reporting medical conditions. Perhaps the most striking example at present is Estonia which, by issuing every citizen with an eID at birth, has been able to offer fully 99% of its public services online. Consequently, hospital queues have dropped by a third, and police work has become a staggering fifty times more efficient.

These are just a few of the national identity initiatives that have sprung in Europe over recent years. But there are also a number of pan-European regulations designed to accelerate the uptake of digital identity services amongst Member States.  One such milestone is the EU eIdentification and Trust Services (eIDAS) Regulation which enables citizens and businesses to use national digital identity solutions to access public services in other EU countries. The revised Payment Services Directive (PSD2) also opens up multiple opportunities for third parties – such as Mobile Network Operators – to provide identity attributes and authentication in the payments space. Importantly, PSD2 aims to mandate for secure strong customer authentication, which will improve consumers’ protection for online payments and that mobile operators are in a good position to deliver seamless and without frictions.

There remains, however, much to be done to bring this digital future into being across Europe. For public sector services, in October, the European Commission published the e-Government Report for 2016, its benchmarking survey on the state of digital services across the EU. It finds that while 81% of services in EU countries are now available online, growth across member states is highly uneven, with a significant number lagging behind in adoption and quality. Crucially, a lack of mobile-readiness in e-government services has proved a barrier to accessibility. The report finds that, while the use of mobile devices to access the internet has taken off in earnest over the last five years, “still only 1 in 3 public websites is ‘mobile-friendly’.”

The implications for efficiency are discouraging. For instance, the number of e-government services using simple authentication services as databases to pre-fill online forms has grown by only 2%, bringing the total to still less than half, at 49%. Cross-border services were shown to inhibit business mobility, with 25% of those required by foreign entrepreneurs being wholly offline, requiring a physical encounter for completion. The number of automated services was found to be wholly static, remaining stable at 3% of all services since the first measurement. The authors therefore urge “an acceleration in order to keep up with private sector, and citizens’ expectations”. As was made clear in the report’s findings, digital identity is a key enabler for both public and private sector services but is not yet being used to its full potential.

The need for harmonisation of standards in digital identity is recognised beyond Europe. National eID initiatives have been brought forward in Canada, India, Australia and New Zealand; the direction of travel is clear, but for the journey to be completed, users’ expectations must be met in a coherent way both within and between national contexts.

In early November, the 54th session of the United Nations Commission on International Trade Law (UNCITRAL) Working group IV on Electronic Commerce in Vienna, building on the preparatory work of the its first colloquium, reached broad consensus on the fundamental importance of addressing the legal issues for identity management and trust services for electronic transactions, with the aim of improving international trade and commerce by removing legal obstacles and enabling international cross-border interoperability

The National Institute of Standards and Technology (NIST) in the US is also reviewing two important public consultations. One on Developing Trust Frameworks to Support Identity Federations, and a more extensive special publication guiding the industry on Digital Authentication. This resource aims to facilitate agreements between communities in the development of federated identity frameworks – and thereby accelerate the pace of digitisation in services through enhanced public trust in their security – through four guiding principles concerning privacy, security, interoperability and accessibility. Indeed, these criteria seem to be the bedrock for many national ID schemes, and are providing the basis for which the private sector can develop solutions that can work on a global scale.

One such solution developed by the private sector, Mobile Connect, is well-placed to aid this growing move towards harmonisation on a global scale. Its design, for example, is in accordance with the relevant guiding principles set out by NIST, eIDAS and PSD2. Last year, Mobile Connect was successfully trialled in cross-border authentication for public sector services. The trial was the first of its kind to be fully compatible and in line with eIDAS Regulation and was applauded for its successful results.

Because Mobile Connect gives the user control of who they share their data with, it maintains the maximum level of privacy that can be afforded to the user. And as an operator-led solution, it places data in the hands of those best-able to monitor and identify potentially fraudulent activity. The GSMA report ‘Mobile Connect: Mobile High-Security Authentication’, explains how Mobile Connect can deliver improved security and privacy for consumers authenticating themselves online and authorising digital transactions, and how the solution will evolve in future.

As the demand for digital services grows, private sector service providers and governments will increasingly feel the need for an interoperable identity solution that can be used securely and conveniently anywhere on the globe. Mobile Connect’s utilisation of a mobile, the piece of technology the vast majority carry on them as a matter of course, offers as much convenience and accessibility as can be hoped for.

Back

The PSD2 Opportunity: Mobile Operators and Fintech This paper discusses the opportunities relating to the partnership between mobile network operators and fintech companies, and how both parties can benefit from each others&#...

Read more | See all Personal Data Resources

SK Telecom: Integrating Existing Identity Solutions into Mobile Connec In December 2016, SKT adapted both T-Auth and T-ID to comply with the Mobile Connect specifications. The goal was to make it easier for international customers to use SKT’s app...

Read more | See all Personal Data Resources

Seminar Presentations from Mobile World Congress 2017 Mobile World Congress 2017 hosted three industry seminars on Mobile Connect and the future of digital identity.  You can find out more about each of these subjects by downloadin...

Read more | See all Personal Data Resources

SIM Toolkit Device Requirements to Improve Mobile Connect Customer Exp This document presents the requirements for the device to improve the user experience of the Mobile Connect SIM applet authenticator. The ETSI (The European Telecommunications St...

Read more | See all Personal Data Resources

Mobile Connect demonstrations As Mobile Connect advances, more examples of its uses continue to emerge. These two videos are the latest demonstrations of Mobile Connect in action. The first illustrates how Mo...

Read more | See all Personal Data Resources

Mobile Connect: mobile high-security authentication This non-technical paper is designed to address security questions related to authentication, especially with respect to payments, banking and online commerce. It explains how Mo...

Read more | See all Personal Data Resources

Trust & Privacy will be Increasingly Important to eID Market ‘Cybercrime keeps Climbing’. This was one of the principal findings from PwC’s Global Economic Crime Survey 2016, and a reminder that many businesses are unprepared for -or...

Read more | Visit Personal Data Blog

The Next Phase of Cross-Border Public Services With over 3 billion enabled users worldwide and its federated distributed architecture, Mobile Connect is a leading example of a mobile identity and authentication solution for g...

Read more | Visit Personal Data Blog

Mobile Connect’s collaboration with leading brands during MWC17 poin Mobile World Congress revealed many ways in which mobile technology is evolving to deliver a new range of digital services. Inside the event’s GSMA Innovation City, we were giv...

Read more | Visit Personal Data Blog

Restoring Trust in the Digital Age – the Great Debate at MWC Industr The security of customer data has never been more crucial. In our digital world, the risk of fraud has reached unprecedented heights and consumers are increasingly cautious about...

Read more | Visit Personal Data Blog

The Future of Identity – Mobile, Invisible, seamless The identity landscape is beginning to evolve at breakneck speed. With new financial legislation set to introduce plethora of commercial opportunities yet potentially create a nu...

Read more | Visit Personal Data Blog

MWC 17: Examining the Mobile Industry’s Digital Identity Solution Authorisation and integration with emerging technologies are two of  Mobile Connect’s advances at this year’s GSMA Innovation City showcase Identity is quickly becom...

Read more | Visit Personal Data Blog

Mobile Connect Summit – London April 25, 2017 Sponsored by: We are pleased to be hosting the first Mobile Connect Summit of the year in London on the 25 & 26 April. As it becomes more apparent that digital identity so...

Read more | See all Personal Data Events

The Meaning of Being eIDAS Compliant: Update on the eIDAS-Mobile Conne May 04, 2017 This year, the GSMA will execute phase 2 of the pilot to demonstrate the scalability of Mobile Connect as a Europe-wide solution for eIDAS. The pilot will enable cross-border aut...

Read more | See all Personal Data Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.