Authentication

Personal information

Privacy is relevant as the authentication data may reveal additional information.

• Impact: OSINT tracking, Doxing, ID Theft, medical condition

Authentication data has personal information.

Authentication methods behavioral information

Gender, ethnicity, age, medical conditions, tracking/surveilance

It is static: cannot be changed

Behavioral information

• Time

• Location

• Browser

• IP

Best practices

Authentication data may need to handled under GDPR

• Considered to be personal information

• Have a justification for every data item recorded

• Include authentication data in GDPR data requests

  • Request to be forgotten

  • Personal data request

Clear data processing practices

• DPIA - Data Protection Impact Assessment

• Strict management of authentication third parties

• User consent