The GDPR, A game changer for electronic identification schemes? The case study of Gov.UK Verify

Sophie Stalla-Bourdillon, Henry Pearce, Niko Tsakalakis

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)
18 Downloads (Pure)


This article offers an interdisciplinary analysis of the General Data Protection Regulation (GDPR) in the context of electronic identification schemes. Gov.UK Verify, the UK Government's electronic identification scheme, and its compatibility with some important aspects of EU data protection law are reviewed. An in-depth examination of Gov.UK Verify's architecture and the most significant constituent elements of both the Data Protection Directive and the imminent GDPR – notably the legitimising grounds for the processing of personal data and the doctrine of joint controllership – highlight several flaws inherent in the Gov.UK Verify's development and mode of operation. This article advances the argument that Gov.UK Verify is incompatible with some major substantive provisions of the EU Data Protection Framework. It also provides some general insight as to how to interpret the requirement of a legitimate legal basis and the doctrine of joint controllership. It ultimately suggests that the choice of the appropriate legal basis should depend upon a holistic approach to the relationship between the actors involved in the processing activities.

Original languageEnglish
Pages (from-to)784-805
Number of pages22
JournalComputer Law & Security Review
Issue number4
Early online date28 Jun 2018
Publication statusPublished - 1 Aug 2018


  • Data protection
  • Electronic identification
  • GDPR
  • Gov.UK Verify
  • Joint controllership
  • Legal bases


Dive into the research topics of 'The GDPR, A game changer for electronic identification schemes? The case study of Gov.UK Verify'. Together they form a unique fingerprint.

Cite this