Allocating Control in Decentralised Identity Management

Creating legal identity in the digital space involves the challenging task of addressing the data- related responsibilities and obligations for data governance and data protection (by design and by default) to name a few. Substantially, it also requires the datafication of legal identity which means transposing all its properties and foundational traits inits corresponding data expressions and relations. As (digital) legal identity evolves from the fringes of purely technology-related challenges towards the legal and socio-technical, state institutions –sovereignly responsible for delivering digital legal identities to citizens– are acknowledging the polyvalent, non-monolithic, and relational characters of identitiesand they explore appropriate architectures. This paper sets out to explore the institutional turn towards decentralized digital identities. The claims surrounding these digital identities raise high hopes for the cross border digital identity provisioning being data protection and privacy compliant, technologically secure, and user-centric. This paper attempts to explore how the relevant accountable actors –as recognized through the data protection normative framework– are formed around the technological identity infrastructure.We highlight and examine the conflict between the European proposals on the provision of digital identity infrastructures through decentralized architectures and the concepts of data controllership in the GDPR.