Advanced Electronic Signatures and GDPR: Reconciling the Concepts
摘要
Digital signature schemes developed by the cryptographic community have been adopted as advanced electronic signatures in the legal framework of many countries, including the European Union. In their current implementations, certification practices, and legal practice, electronic signatures are orthogonal to privacy protection. In fact, protecting data origin and integrity with advanced electronic signatures creates many challenges from the point of view of GDPR. In this paper, we show that conflicts between the legal concept of electronic signatures and the strength of digital signatures on one side, and the paradigms of privacy-by-design, data minimization, etc. can be resolved by slightly reshaping the signature schemes and reinterpreting certain legal concepts.