Hi, from reading the laws and I skimmed through the pdf too - I don't know how 1 and 3 could be agreed amongst everyone. In some senses 3 contradicts 1.
I agree too with Sarah, identity theft is not someone just posing as someone else with that information, identity theft is when a person receives back personalised information without being aware or agreeing to their personal information being processed by those technologies (and companies involved with them). Those companies have not necessarily posed as you, but they have taken personal information from you without your consent, which is theft. Not in legal terms - their legal situation is the terms and conditions that none of us ever look at or can figure out the multitude of scenarios in which that information could be used.
Another issue is that corporations and governments do not follow the same sets of guidelines when accessing and using information, governments, police etc may be stricter and follow more precise guidelines/laws relating to use of personal identifying information online. Corporations do not need to follow these guidelines/laws unless working on contracts with government / agencies and even auditing does not mean that there is enough capacity to be able to say that they are always followed - I guess this is part of risk analysis done through the tender process or whatever.
How much of it appears to come down to - we only know more about what is happening with our personal information and how its being collected when something about their practices are open to everyone and they are forced by governments or media (traditional or citizen based) to reveal details. Its ironic that they as a corporation are not comfortable revealing data, but willing to collect it. I can think of several technology giants who might fall into this category. There is then a lot of rhetoric produced about how revealing data protects or harms other people, corporations, countries etc etc
And you can find cases of people working in government or wherever that do not appear to follow the laws too for reasons which would probably fall under 3 in the poster, usually reported by specific media - it would need additional analysis to understand why different media choose to reveal information at specific times in the same way that financial markets operate.
I think the concept of identity cards or a digital identity are just at presentation 'layer'. If systems (and layers of technologies and networks which connected those systems) and what makes up that identity are on their way to being or already connected...I wonder about the importance of having a digital identity that we carry around with us at all.
Digital confusion. Reflecting further on Sarah's points, with data being more accessible and engineered to be increasingly reproducible (is that a word?), I wonder how you can ever provide enough evidence that you are who are you say you are and not someone else with a lot of similar identifying characteristics / information. Having a barcode instead of a name wouldn't solve the issue ;-)
I do have various alerts relating to my name, I did a quick look through in more detail today - there are many people out there who have the same name and even if I think I can assemble enough information about myself that I think would identify me as the person that I think I am, it doesn't mean that anyone else looking at various information relating to a person with this name, would in the same way and we all have different motivations for our actions anyway so even if someone did, as Sarah said, it could be used in criminal or other ways for whatever purposes it suited others.
Does it mean that all conversations involving identifying information about people will revert to happening offline in the future because they are less easy to track?