The Privacy by Design foundation processes personal data with the aim of realizing attribute-based authentication and signatures via the system IRMA, an abbreviation for I Reveal My Attributes. The foundation is responsible for this data processing and in doing so abides by the General Data Protection Regulation (GDPR).
The design of IRMA is such that personal data, attributes in particular, are stored exclusively at the user’s side on his/her own phone or tablet. The foundation has a cooperation agreement and also a data processing agreement with SIDN. As part of this cooperation, SIDN handles the registration of new IRMA users. In this registration process SIDN only stores a user’s email address, if the user explicitly so chooses, together with a very limited set of historical usage data, as will be explained below.
A user of IRMA is asked to consent (agree) at every data processing step by the foundation, as data controller, or by SIDN as processor. This consent forms the legal basis for the data processing. A user can at any stage terminate the foundation’s (and thereby also SIDN’s) processing of his/her personal data by terminating (blocking) his/her personal IRMA account, via the MyIRMA webpage. The IRMA app asks the user to consent whenever attributes are received or revealed, via an OK button. The IRMA app itself is protected via a personal PIN code. This consent forms the legal basis for the processing or the relevant attributes by these (third) parties, providing or receiving attributes.
The Privacy by Design foundation and SIDN process personal data in three different ways.
Continuously. At registration an arbitrary username is automatically created for a new user of IRMA. The user can choose to associate a self-chosen email address with this IRMA account. This is not necessary, but optional. The email address is stored and protected by SIDN, until the user changes or removes or cancels his/her account, in the MyIRMA environment.
The arbitrarily chosen username is a pseudonym that identifies an account at the foundation. The (optionally added) email address can be used for communication with the user, for instance for logging into MyIRMA. SIDN keeps the email address secret and does not share it with others, unless there is a legal obligation to do so. The foundation and SIDN uses the address exclusively for IRMA functionality.
The foundation and SIDN record usage data (“logs”) per account. The sole purpose is providing an IRMA user with insight in the usage of his/her own account, associated with the user’s email address, in order to detect possible abuse and to (subsequently) block the account. With this access to a user’s own log data the foundation and SIDN fulfill their obligation to provide users insight in their own data. These log data are stored and protected until they are deleted by the user. The logs contain only time stamps of actions, together with the kind of action that happened, such as PIN verified or IRMA session performed. In particular, these logs do not contain personal data, such as attributes, or information about the party to which attributes are revealed, or fromm which attributes are received. These log data are not shared with others, unless there is a legal obligation to do so. When an IRMA account is terminated, or when its data are removed, all these log data are immediately removed by the foundation.
Incidentally. When the IRMA app crashes or encounters a serious problem, an error report is made and sent to the foundation, if you as IRMA app user provided consent for that. This consent can be provided by enabling the “Send error reports to IRMA” toggle in the settings of the IRMA app. If this toggle is not enabled, then error reports are not sent. These error reports are a critical instrument for the foundation in fixing problems and improving the IRMA app. An error report never contains user attributes, or data about previous usage of the IRMA app, but only technical data about what went wrong and about your phone (for example, IP address, the app version number, and the version number of Android or iOS). The foundation removes these reports when they are no longer necessary, or at least within three months.
One time, only temporarily. At issuance of attributes by the Privacy by Design foundation, the foundation attaches its own digital signature to these attributes; subsequently, the signed attributes are placed in the IRMA app of the user. Immediately afterwards, these data are removed from the systems of the foundation. The foundation does not keep a record of attribute issuance.
For some forms of issuance, as well as for some demos, the user is asked to first authenticate with attributes. These attributes are also deleted immediately after usage.
The foundation also has to process the IP address of your computer or phone in the following cases:
- You visit this website or one of the other ones of the foundation.
- You scan a QR code with your IRMA app of one of the issuers or demos of the foundation (on desktop), or when (on mobile) the IRMA app is opened by one of these issuers or demos.
- When, after the previous step, you receive or disclose data in the IRMA app from or to one of the IRMA applications of the foundation.
In these cases your IP address is not stored, unless a technical error occurs. In that case your IP address is stored for two weeks, after which it is automatically deleted.
In addition, during the last step (the receiving or disclosing of data) your IP address is also processed and logged by SIDN, a partner of the foundation that runs the IRMA keyshare server. This also happens when you receive or disclose data to or from other parties than the foundation.
The foundation publishes via its own dashboard how many IRMA users are registered in which country at any point in time. This only involves the number of registered usernames (pseudonyms) and the number of credentials (sets of attributes) per country, issued by the foundation. The foundation also reserves the right to publish statistical data about the registered logs, such as for instance the total number of transactions per unit of time (day, month or year).
For questions, remarks, or complaints about this data processing by the Privacy by Design foundation for IRMA functionality, please contact the foundation. For complaints about the foundation’s data processing one can also contact the Data Protection Authority of the Netherlands.
Date: March 12, 2020.