This report (the “Report”) considers certain legal requirements relating to data security in the EU, and specifically the use of multi-factor authentication as a method of meeting the security obligations established by European Directive 95/46 EC on the processing of personal data (the “Directive”). Following this Executive Summary, the Report comprises two sections: a discussion of the requirements of data security under European data protection legislation, and a study of selected national positions.
The Report, written by Elizabeth J Kennedy and Christopher Millard, is available online at SSRN at:
SSRN: 'Data Security and Multi-Factor Authentication: Analysis of Requirements Under EU Law and in Selected EU Member States.'