“Identification” is the ability to uniquely identify a user of a system or an application. This is the difference to “authentication”, which is the ability to ensure that an identified data set relates to a specific person.
In practice, many controllers request unrelated additional data when users exercise their rights, claiming that this is necessary for authentication purposes, when the main goal behind this tactic is to frustrate users. In many cases, controllers require identification documents, when it would be sufficient to verify the user via the login details of an account.
Our project aims at stopping unnecessary routine identity checks by data controllers in an effort to ensure that data subjects can exercise their rights, while ensuring data security by shifting to stronger and more relevant forms of authentication.
Case | Controller | DPA | Status | Duration |
---|---|---|---|---|
C012 | Grindr LLC | DSB (Austria) | Pending (3 - 4 years) | Filed:
(3 years ago) |
C060-02 | Krux Analytics | Garante per la protezione dei dati personali (Italy) | Pending (18 - 24 months) | Filed:
(1 year 8 months ago) |
C060-03 | PubMatic, Inc | Garante per la protezione dei dati personali (Italy) | Pending (18 - 24 months) | Filed:
(1 year 8 months ago) |
C060-04 | Subito.it S.r.l. | Garante per la protezione dei dati personali (Italy) | Pending (18 - 24 months) | Filed:
(1 year 8 months ago) |
C060-05 | Magnite, Inc. | Garante per la protezione dei dati personali (Italy) | Pending (18 - 24 months) | Filed:
(1 year 8 months ago) |
C060-06 | RTB House Italy s.r.l. | Garante per la protezione dei dati personali (Italy) | Pending (18 - 24 months) | Filed:
(1 year 8 months ago) |