Digital identities


The Supreme Court of Jamaica has found Jamaica’s national identification system in violation of the constitution and by unanimous decision declared the entire National Identification and Registration Act (NIRA) void.  In a judgement delivered on 12 April, the court found that mandatory requirement of biometric identification abrogated the right to privacy.

NIRA was enacted in December 2017 and was yet to be operationalised. The law provided for establishment of a central databank that would consolidate identity and demographic information of persons in Jamaica. It had made it a criminal offence for a person not to register under the new law.  The court reviewed aspects of the impugned Act alongside Jamaica’s constitutional history and concluded that migration to digital identification was a significant change to Jamaican society. The new system, they found, went beyond identification of persons to a repository of biographical information that could potentially serve as digital surveillance.

The case had been instituted by a Member of Parliament and People's National Party (PNP) General Secretary Julian Robinson.

Kenya has enacted amendments to its national identification law that will enable the state to collect more precise data when issuing identification documents. These include digital Deoxyribonucleic Acid (DNA), GPS coordinates of residential addresses, retina and iris pattern, voice waves and earlobe pattern. Previously, persons were required to register their fingerprints, facial image, postal address and place of birth. The newly signed law will help to build a digital ID system known as National Integrated Identity Management System that will centralise birth, ID, refugee, death, driving licences and passport records.

in 2016 having a higher rate of registration of persons than most Sub-Saharan African nations. However, key gaps identified included having numerous identification databases as well as lack of a privacy and data protection framework. Although there are data protection Bills, the country is yet to enact a comprehensive privacy law.

The World Economic Forum released its publication Our Shared Digital Future Building an Inclusive, Trustworthy and Sustainable Digital Society that was produced in collaboration with leaders from business, government, academia and civil society. The paper aimed at shaping an agenda to move towards a more inclusive, trustworthy, and sustainable digital future in six shared goals that include universal internet access and adoption, digital transformation, digital identity, governance, cyber resilience, and data. The document reinforces the importance of addressing the digital divide through approaches that go beyond digital access to include digital literacy, digital identity, and a new social contract that allows all classes of society to benefit from the digital economy. Additionally, the paper outlines some digital initiatives and provides common frame around which initiatives can focus and become mutually reinforcing. It further posits a raft of open questions to form the discourse in different forums in 2019.

The Supreme Court of India has ruled that the right to privacy is a fundamental right. The judgment, which will impact the lives of over 1.34 billion Indians, comes as the Indian government is seeking to roll out a biometric database (Aadhaar) linking personal details with iris scans and fingerprints. Petitioners had challenged the government's move to make Aadhaar mandatory. The Supreme Court’s judgment, which overruled an earlier lower court judgment declaring that the right to privacy is not a fundamental right, does not however invalidate Aadhaar. The validity of the scheme will be tested separately by the Supreme Court.

The US National Institute of Standards and Technology (NIST) has issued "Notice and request for nominations for candidate post-quantum algorithms". The NIST observes that, once the quantum computers are built and widely available, the entire public-key cryptography of today may be obsolete, and all the encrypted documents may become compromised. While the deadline for submissions of the ideas is set to end of November 2017, NIST acknowledges that, most likely, the work could be widely-tested within next 20 years only, The Register reports.

Although blockchain technology is mainly associated with the e-commerce and e-money and virtual currencies sectors, online cryptocurrency journal The Merkel has identified a trend that is bringing blockchain closer to digital identities. The journal reports that a number of blockchain startups are focusing on using the technology to create digital identities, and are seeing a promising growth in this segment of the market.

Broadly speaking, digital signatures are linked to the authentication of individuals on the Internet, which affects many aspects, including jurisdiction, cybercrime, and e-commerce. The use of digital signatures should contribute to building trust on the Internet.

Digital authentication in general is often considered to be part of the e-commerce framework, as it is aimed at facilitating e-commerce transactions through the conclusion of e-contracts. For example, is an agreement valid and binding if it is completed via e-mail or through a website? In many countries, the law requires that contracts must be ‘in writing’ or ‘signed’. What does this mean in terms of the Internet? Faced with these dilemmas and pressured to establish an e-commerce-enabling environment, many governments have started adopting legislation on digital signatures.


When it comes to digital signatures, the main challenge is that governments are not regulating an existing problem, such as cybercrime or copyright infringement, but creating a new regulatory environment in which they have no practical experience. This has resulted in a variety of solutions and a general vagueness in the provisions on digital signatures. Three major approaches to the regulation of digital signatures have emerged.

The first is a minimalist approach, specifying that electronic signatures cannot be denied because they are in electronic form. This approach specifies a very broad use of digital signatures and has been adopted in common law countries: the United States, Canada, New Zealand, and Australia.

The second approach is maximalist, specifying a framework and procedures for digital signatures, including cryptography and the use of public key identifiers. This approach usually specifies the establishment of dedicated certificate authorities, which can certify future users of digital signatures. This approach has prevailed in the laws of European countries, such as Germany and Italy.

The third approach, adopted within the EU Electronic Signatures Directive (adopted in 1999), combines these two approaches. It has a minimalist provision for the recognition of signatures supplied via an electronic medium. The maximalist approach is also recognised through granting that ‘advanced electronic signatures’ will have stronger legal effect in the legal system (e.g. easier to prove these signatures in court cases). The EU Directive on digital signatures was one of the responses at multilateral level. While it has been adopted in all EU member states, a difference in the legal status of digital signatures still remains, and this has been seen as a barrier to the cross-border use and interoperability of digital signatures.  This barrier is to be overcome with the entry into force, starting July 2016, of a Regulation on electronic identification and trust services for electronic transactions in the internal market, which keeps the approach of the 1999 Directive, while requiring member states to recognise qualified electronic signatures based on qualified certificated issues in any of the other EU member.

At global level, in 2001, UNCITRAL adopted the Model Law on Electronic Signatures, which grants the same status to digital signatures as to handwritten ones, providing some technical requirements are met. This model law served as inspiration for the Common Market for Eastern and Southern Africa (COMESA), which integrated this approach into its more wide Model Law on Electronic Transactions, adopted in 2010.

The International Chamber of Commerce (ICC) issued a General Usage in International Digitally Ensured Commerce (GUIDEC), which provides a survey of the best practices, regulations, and certification issues.

Public key infrastructure (PKI) initiatives are directly related to digital signatures. Two main organisations involved with PKI standardisation are the ITU and the IETF.

Privacy and digital signatures

Digital signatures are part of a broader consideration of the relationship between privacy and authentication on the Internet. Digital signatures are just one of the important techniques used to identify individuals on the Internet. For instance, in some countries where digital signature legislation or standards and procedures have not yet been set up, SMS authentication via mobile phones is used by banks for approving customers’ online transactions.

The need for detailed implementation standards

Although many developed countries have adopted broad digital signature legislation, it often lacks detailed implementation standards and procedures. Given the novelty of the issues involved, many countries are waiting to see in which direction concrete standards will develop. Standardisation initiatives occur at various levels, including international organisations (the ITU), regional bodies (European Committee for Standardization – CEN), and professional associations (the IETF).

The risk of incompatibility

The variety of approaches and standards in the field of digital signatures could lead to incompatibility between different national systems. Patchwork solutions could restrict the development of e-commerce at a global level. The necessary harmonisation should be provided through regional and global organisations.




More and more standards and guidelines developed by ISO cover issues related to data and information security,


More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employees’ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond, diffuse and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.


In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted s


In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted several documents of relevance for matters concerning Internet and jurisdiction. Examples include the Model law on electronic commerce (1996), the Model law on electronic signatures (2001), and UN Convention on the use of electronic communications in international contracts (2005), and the Technical Notes on Online Dispute Resolution (2016). E-commerce continues to be an area of interest for the Commission, which has a dedicated working group focused on the legal dimensions of issues such as identity management, trust services, electronic transferable records, cloud computing, etc.


The core mission of the IETF is to develop technical standards for the Internet, ranging from Internet protoco


The core mission of the IETF is to develop technical standards for the Internet, ranging from Internet protocols (e.g. IPv4 and IPv6) and the Domain Name System (e.g. aspects related to the functioning of Internationalised Domain Names), to routing systems and security issues. Areas of work covered by IETF working groups include applications (e.g. real time communication and audio/video transport), Internet protocols, operations and management (e.g. DNS operations, routing operations, network configuration), routing (e.g. inter-domain routing, tunneling protocol extensions), security and transport (e.g. authentication and authorisation, IP security maintenance and extensions, and transport layer security).


COMESA has developed an e-learning platform


COMESA has developed an e-learning platform for delivering training in various areas to both staff members and other stakeholders from COMESA member states. Courses offered through the platform range from leadership training to public procurement. The organisation also uses an online system known as COMESA 24/7 Online for building the capacity of COMESA and its members in monitoring the implementation of programmes and education on trade topics. Through a five phase programme, COMESA is putting all its knowledge center resources online through a web information management system.


In establishing its digital single market, the EU has progressively developed a dense 


In establishing its digital single market, the EU has progressively developed a dense copyright legislation corresponding to a set of ten directives, which harmonise essential rights of authors, performers, producers and broadcasters. To ensure EU copyright rules are fit for the digital age, the European Commission has recently presented legislative proposals to modernise the EU legal framework, in order to allow more cross-border access to content online and wider opportunities to use copyrighted materials in education, research and cultural heritage; and have a better functioning copyright marketplace.


In 2005, the UN General Assembly adopted the


In 2005, the UN General Assembly adopted the UN Convention of the Use of Electronic Communications in International Contracts. The Convention (entered into force in 2013) is aimed at facilitating the use of e-communications in international trade, and it contains, among others, provisions on the signing of electronic communications or contracts. It outlines criteria for the recognition of electronic signatures (irrespective of the technology used): an electronic communication is considered signed if the signing method (i.e. electronic signature) is capable of identifying the signatory and indicating the signatory’s intention in respect of the information contained in the electronic communication.



Other Instruments

COMESA Model law on electronic transactions



Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


OECD Digital Economy Outlook 2015 (2015)

GIP event reports

The right to privacy in the digital world (2019)


Click on the ( + ) sign to expand each day.

WSIS Forum 2019

WBDS 2019

13th IGF 2018

WSIS Forum 2017

IGF 2016

WTO Public Forum 2016

IGF 2015


The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top