This section provides an overview of the use cases for the eID feature and the implications regarding the underlying laws and regulations.
In general, the eID can be used in any business use case where the data is necessary. However, it is mandatory to define the regulations on which the identification is based.
For onsite use, that is, reading out the eID in a branch office or store, no action is required. The data fields of the eID that can be provided are defined.
For German AML (GWG) and German Telecommunications Law (TKG), the regulation is clear and AUTHADA holds the relevant authorisation certificates for the identification. This means that no additional action is necessary here either. The data fields of the eID that can be provided are defined.
For other use cases, for example reading out the eID in an e-commerce context, the following steps have to be taken:
- Define the necessary fields
- Per field, define the laws on which the field requirement is based (e.g. Art. 6 Para. 1 lit. c) EU GDPR)
- AUTHADA checks whether the defined regulatory requirements are reasonable and discusses the requirements with our external data privacy officer
These steps are important because AUTHADA is a certified identification service provider (Identifizierungsdiensteanbieter, IDA). This allows us to read out the eID in any use case. The regulation requires us to make sure that the read-out fields are appropriate.