Authentication
Personal information
Privacy is relevant as the authentication data may reveal additional information.
Impact: OSINT tracking, Doxing, ID Theft, medical condition
Authentication data has personal information.
Authentication methods behavioral information
Gender, ethnicity, age, medical conditions, tracking/surveilance
It is static: cannot be changed
Behavioral information
Time
Location
Browser
IP
Best practices
Authentication data may need to handled under GDPR
Considered to be personal information
Have a justification for every data item recorded
Include authentication data in GDPR data requests
Request to be forgotten
Personal data request
Clear data processing practices
DPIA - Data Protection Impact Assessment
Strict management of authentication third parties
User consent
Last updated
