Responsibility for online identity

Off-line we have generally accepted ways of identifying persons, for instance by looking them in the face and checking the pictures on their identity cards. Online, these traditional identification procedures cannot be performed in a feasible manner. Therefore other technological possibilities are used, often provided by a third party, an identity provider. In part due to the particular features of the online identification procedures, and in part due to lack of consideration by legal scholars, it is not clear to what degree and under which circumstances a person is responsible for what is done with her online identity. The eIDAS Regulation, for instance, which provides general rules for electronic identification and trust services, does not cover liability rules regarding private identity providers; it specifies only very limited provisions regarding governmental identity providers. Subsequently, the liabilities of the identified person are unclear as well. This research analyses the liability allocation of the participants involved in the online identification process, with a focus on the position of the identified natural person whose online identity is used in case of incorrect online identification. The research aims to give a well underpinned legal account of how a liability position of this natural person can be achieved that at least comes close to the existing liability position of persons in case of misuse of their banking information in the banking sector.