Consortium provides guidelines on EU privacy law for businesses wanting to establish robust and trusted business frameworks for federated communities
Liberty Alliance Project – April 13, 2005 – The Liberty Alliance Project, a global consortium for open federated identity standards and identity-based Web services, today released “Circles of Trust: The Implications of EU Data Protection and Privacy Law for Establishing a Legal Framework for Identity Federation”. The document is a must-read for any organization planning to establish or participate in a Circle of Trust in the EU and beyond. Written for business managers and legal advisers of companies wanting to employ a Liberty-enabled identity management system, the paper is a guide for a federation of organisations implementing the Liberty specifications under the rigorous requirements of European privacy law.
The Circle of Trust is a concept central to the Liberty Alliance Project. A Circle of Trust is a federation of service providers and identity providers that have business relationships based on Liberty architecture and operational agreements, and with whom users can transact business in a secure and apparently seamless environment. As federated communities create interdependencies and, consequently, the need for trust between participants, the Circle of Trust is viewed by the Liberty Alliance as an essential component of establishing a system of federated identity based on Liberty specifications.
The legal framework document describes the impact that European privacy law has on the structure and nature of the Circle of Trust. The paper discusses such issues as: how EU privacy law treats identity and the use of identifiers; how the law applies to different entities in the federated identity ecosystem; and what rules apply to the transfer of personal data beyond the boundaries of the EU.
While primarily relevant to European companies, the paper is also important for non-European companies considering participation in federated communities that encompass EU citizens and organisations. The paper also provides useful guidance to Circles of Trust operating entirely outside the EU that are interested in following the EU standards to comply with international privacy guidelines.
“Businesses deploying the Liberty technology have to develop robust and trusted business frameworks while considering the impact of privacy laws,” said Stephen Deadman, member of Liberty’s Public Policy Expert Group and senior solicitor at Vodafone. “This paper provides guidance on the complex set of privacy laws in the EU that all organizations doing business in Europe will need to consider, and is an essential first step in ensuring that a Circle of Trust operates lawfully.”
As part of this effort, Liberty also recently announced the release of “Liberty Alliance and Japan’s Personal Information Protection Act.” Intended for organizations that adopt the Liberty Alliance specifications, this white paper is based on an analysis of Japan’s Personal Information Protection Act and Liberty’s guidelines and specifications regarding privacy. It presents various tools and guidance that can help organizations comply with the new law.
“Circles of Trust: The Implications of EU Data Protection and Privacy Law for Establishing a Legal Framework for Identity Federation” is available immediately from Liberty’s Web site (www.projectliberty.org). The paper was edited by Vodafone with contributions from France Telecom, Hogan & Hartson LLC, Neustar, NTT, Oracle and Sun Microsystems.
About the Liberty Alliance
Liberty Alliance (www.projectliberty.org) is an alliance of more than 150 companies, non-profit and government organizations from around the globe. The consortium is committed to developing an open standard for federated network identity that supports all current and emerging network devices. Federated identity offers businesses, governments, employees and consumers a more convenient and secure way to control identity information in today’s digital economy, and is a key component in driving the use of e-commerce, personalized data services, as well as Web-based services. Membership is open to all commercial and non-commercial organizations.