The Policy Maker's Anguish: Regulating Personal Data Behavior Between Paradoxes and Dilemmas

Regulators in Europe and elsewhere are paying great attention to identity, privacy and trust in online and converging environments. Appropriate regulation of identity in a ubiquitous information environment is seen as one of the major drivers of the future Internet economy. Regulation of personal identity data has come to the fore including mapping conducted on digital personhood by the OECD; work on human rights and profiling by the Council of Europe andmajor studies by the European Commission with regard to self-regulation in the privacy market, electronic identity technical interoperability and enhanced safety for young people. These domains overlap onto an increasingly complex model of regulation of individuals' identity management, online and offline. This chapter argues that policy makers struggle to deal with issues concerning electronic identity, due to the apparently irrational and unpredictable behavior of users when engaging in online interactions involving identity management. Building on empirical survey evidence from four EU countries, we examine the first aspect in detail – citizens' management of identity in a digital environment. We build on data from a large scale (n = 5,265) online survey of attitudes to electronic identity among young Europeans (France, Germany, Spain, UK) conducted in August 2008. The survey asked questions about perceptions and acceptance of risks, general motivations, attitudes and behaviors concerning electronic identity. Four behavioral paradoxes are identified in the analysis: a privacy paradox (to date well known), but also a control paradox, a responsibility paradox and an awareness paradox. The chapter then examines the paradoxes in relation of three main policy dilemmas framing the debate on digital identity. The paper concludes by arguing for an expanded identity debate spanning policy circles and the engineering community.