Book contents
- Frontmatter
- Contents
- Preface
- Acknowledgements
- Table of cases
- 1 The signature
- 2 International initiatives
- 3 European Union Directive on electronic signatures
- 4 England and Wales, Northern Ireland and Scotland
- 5 International comparison of electronic signature laws
- 6 The form of an electronic signature
- 7 Digital signatures
- 8 Liability
- 9 Evidence
- 10 Data protection
- Index
- References
10 - Data protection
- Frontmatter
- Contents
- Preface
- Acknowledgements
- Table of cases
- 1 The signature
- 2 International initiatives
- 3 European Union Directive on electronic signatures
- 4 England and Wales, Northern Ireland and Scotland
- 5 International comparison of electronic signature laws
- 6 The form of an electronic signature
- 7 Digital signatures
- 8 Liability
- 9 Evidence
- 10 Data protection
- Index
- References
Summary
Electronic signatures come in various forms, and to illustrate a simple but disturbing way in which documents are used, one can look to the activities of some local councils in England. When a person applies for planning permission, they are required to submit a planning application, and their manuscript signature is affixed to the document. The documents that accompany a planning application are open to the public to view. However, some local authorities scan the applications and put them into pdf format before uploading the entire document onto a website, thus exposing a number of manuscript signatures to being viewed by the entire world. This action enables would-be thieves to obtain a perfect specimen of a manuscript signature that could be used for nefarious purposes in the future. This is just one of the problems that affect electronic signatures and the application of the principles of data protection, although it is recognized that a scanned signature in itself will not constitute personal data. This state of affairs in England illustrates that rules put into place to provide for openness in pre-digital times are not always appropriate in the digital age. In this instance, the application of a rule requiring openness at a time when paper was paramount has been uncritically transposed into the digital age without thought to the wider repercussions.
Organisation for Economic Co-operation and Development
In the international context, the Organisation for Economic Co-operation and Development developed a set of guidelines, part of which included the need to consider the issues relating to the protection of personal data. Principle 5, ‘Protection of privacy and personal data’, sets out the expectation:
The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.
In discussing the issues relating to privacy, the guidelines expressly note the difference between cryptographic keys used for confidentiality and those used for authentication. Any user that intends to use a private key for the purposes of authentication must be made aware of the difference, and undertake to ensure only the relevant algorithms are used for the purpose of generating a private key. Failure so to do may enable malicious individuals to use the private key not only to impersonate an individual, but also to send incriminating material electronically that can be associated with the innocent holder of the private key.
- Type
- Chapter
- Information
- Electronic Signatures in Law , pp. 348 - 355Publisher: Cambridge University PressPrint publication year: 2012