Introduction
Building on existing international norms, the Principles were first developed and published in 2017 by a group of organizations committed to supporting the development of identification systems that are inclusive, trusted, accountable, and used to enhance people’s lives and the achievement of the Sustainable Development Goals (SDGs). Given the quickly evolving nature of the identification sector, the original signatories to the Principles committed to revisiting them to incorporate new perspectives and lessons learned. This second edition reflects inputs from this process and from broader public consultations.
Principles
Legal identity for all. Everyone should be able to prove their legal identity. Countries must fulfill their obligations and commitments to provide legal identification to all residents1—not just citizens2—from birth to death, as reflected in international and domestic laws.3 This includes the obligation of universal birth registration for all children,4 which is essential for providing proof of legal identity from birth, and the timely registration of other vital events, such as marriages and deaths. It also includes the obligations and commitments to provide proof of legal identity to refugees, stateless persons, and migrants who do not have a valid credential or can- not otherwise prove their legal identity.
Nondiscrimination. All identification systems should be free from discrimination in policy, in practice, and by design. This includes ensuring that legal frameworks; requirements and procedures to register, obtain, or use identification; and the data that are collected or displayed on credentials do not enable or reinforce discrimination against particular groups, such as those who may face increased risks of exclusion for cultural, political, economic or other reasons. Such groups include people living in poverty; women; children; rural populations; racial, ethnic, linguistic, and religious minorities; persons with disabilities; sexual and gender minorities; migrants; asylum seekers, refugees, and the forcibly displaced; and state-less persons among others. Furthermore, identification systems and data should never be used as a tool for discrimination or to infringe on or deny individual or collective rights.
1. While states have the sovereign right to determine eligibility for citizenship and issue proof of citizenship in accordance with international law, they also have the obligation to provide proof of legal identity—or recognize legal identification issued by another state or international organization—to all persons resident on their territory, including birth registration. For example, the 1951 Convention on the Status of Refugees, Article 27 provides that States “shall issue identity papers to any refugee in their territory who does not possess a valid travel document,” and a similar provision for stateless persons is contained in the 1954 Convention on the Status of Stateless Persons, Article 27. Providing everyone with proof of legal identity is critical to the prevention of statelessness (see www.unhcr.org/ibelong).
2. States should provide proof of citizenship to all persons entitled to it without discrimination of any kind.
3. The obligation of states to provide proof of legal identity does not necessarily mean that enrollment in identification systems should be legally mandatory.
4. For example, Article 7 of the Convention on the Rights of the Child (CRC) states: “The child shall be registered immediately after birth and shall have the right from birth to a name, the right to acquire a nationality and, as far as possible, the right to know and be cared for by his or her parents.” The CRC has been ratified by every Member State of the UN except for the United States, which has signed but not ratified the treaty. In practice, however, virtually all births in the United States are registered.
Direct and indirect costs. Costs to the individual must never be a barrier to obtain identity credentials required to fulfill rights or access basic services or entitlements. For example, civil registration and the initial issuance of birth and death certificates and other legal identity credentials should be free of charge for the individual. If fees are charged for certain additional services (such as reissuance of lost credentials), rates should be reasonable, proportional to costs incurred, and transparent to the public. The indirect costs of obtaining identification—including fees for supporting documents, travel costs, and cumbersome administrative procedures— must also be minimized.
Information asymmetries. Stakeholders must work to reduce information and knowledge barriers and disparities that might prevent individuals— such as linguistic minorities, people with low literacy levels, persons with disabilities, and others—from accessing or using identification and foster a culture of trust and accountability by increasing literacy and sensitization around the system. Information and education campaigns and other materials must be inclusive and accessible to ensure that everyone has the knowledge, capacity, and tools they need to participate in the identification system and exercise their rights to oversight and control.
Technology gaps. While technology is a key enabler of identification systems, no one should be denied identification or associated services and rights because they lack mobile or internet connectivity, electronic de- vices, digital literacy or digital skills, the comfort or ability to use certain technology, or because of technology biases or failures. Stakeholders should therefore work together to ensure that identification and authentication services are available and usable for everyone, regardless of digital resources, skills, or connectivity. Furthermore, accessible exception-handling procedures and grievance redress mechanisms are necessary to avoid denial of services or rights and in the case of technical difficulties.
Inclusion by design. Identification systems should prioritize the needs and address the concerns of marginalized and vulnerable groups who are most at risk of being excluded and who are the most in need of the protections and benefits identification can provide. This requires working with communities to proactively identify legal, procedural, social, and economic barriers faced by particular groups, risks, and impacts specific to these groups, and adopting appropriate technologies and mitigation measures to ensure that new or updated identification systems do not reinforce or deepen existing inequalities.
Uniqueness. An identification system provides a mechanism to establish and authenticate a unique identity when—within that system—each person has only one identity and no two people share the same identity. Unique- ness is particularly important within legal identification systems and others that support use cases requiring high levels of assurance,5 such as government-to-person (G2P) payments and voting. Importantly, uniqueness within a given system does not imply that there must be only one identity provider or system or a single permanent identifier (e.g., a unique ID number) used for all purposes in a country or jurisdiction.
Security. Identification systems must have adequate and effective safeguards against unauthorized access, tampering (alteration or other unauthorized changes to data or credentials), identity theft, misuse of data, cybercrime, and other threats occurring throughout the identification life cycle. Data must be protected at rest and in transit, including when people use their credentials or including on personal devices. Security measures must include systems to raise awareness about safe utilization of the system and to notify data subjects in the case of data breaches, as well as recourse for identities that have been stolen or compromised and need to be reissued.
Accuracy. Ensuring that identity data are accurate and up-to-date is one of the core principles of data protection and a right of data subjects, and is also essential for the trustworthiness of the system. Identification systems should be designed to ensure accurate data collection and have user-friendly procedures for people to view and update their data and correct errors to ensure accuracy over time.
5 Generally speaking, a “level of assurance” (LOA) represents the amount of trust a given identification system or credential provides to a third party that an identity claimed by a person or entity is actually their “true” identity. This is a function of multiple factors, including the strength of the identity proofing process when people are enrolled in an identification system and issued credentials (the identity assurance level or IAL), the strength of the authentication process and technology (authentication assurance level or AAL), and—if using a federated model—the assertion protocol used by the federation to communicate authentication and attribute information (federation assurance level or FAL) (adapted from NIST 800-63:2017).
Responsiveness. Identification and authentication services should be designed to meet people’s real needs and concerns. In addition, they should be flexible, scalable, and useful for the public agencies and private sector entities that rely on them for identification or authentication. This requires broad stakeholder consultation and a people-centric, participatory approach— including civil society, the public at large, service providers, and other relying parties—beginning with the design process and continuing throughout implementation.
Interoperability. Subject to laws and regulations on data sharing and appropriate technical safeguards, including “privacy-by-design” principles, the ability of identification systems to communicate with other systems (e.g., civil registration systems and services providers) and exchange queries or information facilitate services such as identity verification or attestations, eKYC, other permissioned data sharing, and mutual recognition of identification systems across borders.6
6 Cross-border interoperability can facilitate migration and trade, but controls should be put in place to protect the security of vulnerable groups, such as refugees, whose personal data must often be shielded from their home country.
Open standards. Designs based on open standards enable market-based competition and innovation.7 Open standards are essential for greater efficiency, improved functionality, and adaptability of identification systems, both within countries and across borders.
Preventing vendor and technology lock-in. Good procurement processes facilitate competition, promote innovation, and prevent technology and vendor “lock-in,” which can increase costs and reduce flexibility to accommodate changes over time. Procurement processes should emphasize value for money, economy, integrity, fitness for purpose, efficiency, transparency, and fairness. Effective contract management will ensure that these benefits are sustained throughout implementation.
7 For example, ISO/IEC has developed standards covering many aspects of identification systems. For more, see World Bank. 2016. “Technical Standards for Digital Identity Systems: Formulating a Strategic Approach.”
Privacy by design approach. Identification systems must be designed to prioritize and protect data and privacy as the default setting without requiring any additional special action on the part of an individual. Personal data, including any data that are linked or linkable to an individual, must be protected from improper use proactively and by default through a robust legal and regulatory framework, system design, and the adoption of technical standards and operational controls.8
Data protection principles in practice. The design, policies, and technology used by identification systems should comply with global norms for data protection, including data minimization and proportionality, purpose specification, lawful processing, strict limits on data retention, data accuracy, security, accountability, and transparency, among others.9 For example, identification systems should limit the collection and exposure of data—particularly sensitive personal information10 —including in credentials and the structure of identification numbers. Authentication protocols must disclose only the minimum data necessary to ensure appropriate levels of assurance and retain data only for as long as required for the purposes for which the data may lawfully be used, or for which consent has been given. These levels and the method of authentication should reflect an assessment of the level of risk in the transactions and should preferably be based on recognized international standards.11 Data rules and policies should be transparent and made available to people in a user-friendly for- mat to facilitate knowledge of their rights and the processes available to exercise control or oversight of their data.
8 On the “privacy-by-design” approach, see, for example, Cavoukian, A. 2011. “Privacy by Design: The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices.” https://iab.org/wp-content/ IAB-uploads/2011/03/fred_carter.pdf.
9 Commonly referenced examples of standards include the Fair Information Practices (FIPs), the OECD’s Privacy Guidelines, the EU’s General Data Protection Regulation, the UN Principles on Data Privacy and Protection, and Convention 108+, among others
10 “Sensitive personal information” can vary by context but commonly includes data that could be used to create fraudulent identities and/or to profile or target individuals. This includes biometric data and identifying numbers, such as permanent or unique identity numbers (UINs), as well as attributes such as religion, ethnicity, caste, political affiliation, and so forth. The disclosure of identifying information may involve particularly serious risks to certain people, for example, asylum seekers and refugees. Therefore, specific considerations apply to ID systems used primarily or exclusively for humanitarian purposes, particularly in settings affected by conflict, violence, and fragility. See, for example, the International Committee of the Red Cross “Policy on the Processing of Biometric Data by the ICRC.” 2019. Available at: https://www.icrc.org/en/download/file/106620/ icrc_biometrics_policy_adopted_29_august_2019_.pdf, and the ICRC/Brussels Privacy Hub Handbook on Data Protection in Humanitarian Action, 2nd Edition, 2020.
11 Such risk impact assessments should be carried out by the responsible entity that creates, collects, shares, or uses data for authentication and identification purposes linked to the specific use case. Examples of existing standards for levels of assurance for identity proofing include ISO/IEC 29115 and those issued by eIDAS, the UK Cabinet Office, the U.S. National Institute of Standards and Technology (NIST), and others.
Sustainability. Identification systems should be designed for long-term fiscal and operational sustainability. This requires a transparent and outcomes-based approach to design to ensure that the system is fit-for-purpose and makes sustainable management and technical choices, and the adoption of business models that ensure the longevity of the system without compromising other Principles. Fees for identification services can create barriers to access, inclusion for individuals, and adoption for service providers. Efforts to recuperate costs through efficiency gains and reduced leakages must also weigh fiscal savings goals against the potential for increasing exclusion errors. Identification systems should be designed to incentivize high standards of performance for all parties involved.
Legal and regulatory frameworks. Identification systems must be underpinned by legitimate, comprehensive, and enforceable legal and regulatory frameworks and strong policies that promote trust in the system; ensure data protection and privacy (including cybersecurity); mitigate abuse such as unauthorized surveillance in violation of due process; are free from discrimination and promote inclusion, particularly for vulnerable or marginalized groups; and ensure accountability. Legal frameworks should be clear in delineating liability and recourse for individuals and should be overseen by independent regulatory bodies with appropriate powers and consistent funding. They should also protect people against inappropriate access and use of their data for undue surveillance or un- lawful profiling. Frameworks require a balance between regulatory and self-regulatory models that does not stifle competition, innovation, or investment. Appropriate legal and regulatory frameworks are also required for cross-border interoperability or mutual recognition.12
Rights of data subjects. Identification services should provide people with genuine choice and control over the collection and use of their data, including the ability to selectively disclose only those attributes that are required for a particular transaction. People should be given a simple means to have inaccurate data corrected free-of-charge and to obtain a copy of their personal data. Personal data should not be used for secondary, unconnected purposes without a person’s informed consent, unless otherwise required or authorized under law (for example, as may be necessary and proportionate).13 Identity providers and other stakeholders should be transparent about identity management; develop appropriate resources to raise people’s awareness of how their data will be used; and provide accessible and user-friendly tools to manage their data, provide informed consent, and address grievances. Identity providers should ensure that the initial process to correct errors is administrative rather than judicial in order to increase speed of resolution and reduce costs. Data sharing arrangements should also be transparent and fully documented.
12 For example, asylum seekers and refugees must be given special consideration; see UNHCR Advisory Opinion on the Rules of Confidentiality Regarding Asylum Information at https://www.refworld.org/docid/42b9190 e4.html
13 See, for example, Convention 108+, Articles 5, 10, and 11.
Institutional mandates. Legislation, regulation, and trust frameworks must establish and regulate comprehensive governance arrangements for identification systems and providers domestically and—if applicable—internationally. This should include specifying the terms and conditions governing the institutional relations among participating parties so that the rights and responsibilities of each are clear to all.
Accountability. There should be clear accountability and transparency around the roles and responsibilities of all entities involved in building, operating, managing, and overseeing identification systems.
Oversight. the use of identification systems should be independently monitored (for efficiency, transparency, exclusion, misuse, etc.) to ensure that all stakeholders comply with applicable laws and regulations, appropriately use identification systems to fulfill their intended purposes, monitor and respond to potential data breaches, and receive individual complaints or concerns regarding the processing of personal data. Regulators should be sufficiently resourced and empowered to discharge their statutory responsibilities.
Adjudication. Disputes regarding identification and the use of personal data—for example, refusal to register a person or to correct data, or an unfavorable determination of a person’s legal status—that are not satisfactorily resolved by identity providers should be subject to a rapid and low-cost review by independent administrative and judicial authorities with the authority to provide suitable redress without adding barriers for the individual.
Scope and Definitions
These Principles are intended to apply broadly to the creation and use of identification systems to advance development goals. Because of their central role in realizing individual rights and facilitating access to basic services and entitlements in the physical and digital worlds, the focus of the Principles is on “official” identification systems provided by, on behalf of, or recognized by governments. See the full text of the Principles for more a detailed explanation and examples of the types of identification systems this includes.
Disclaimer: The Principles on Identification are jointly created and owned by all endorsing organizations, and the World Bank (ID4D) is pleased to be hosting this web page on behalf of our partners.