Elizabeth J Kennedy, Christopher Millard, Data Security and Multi-Factor Authentication: Analysis of Requirements Under EU Law and in Selected EU Member States (April 30, 2015). Queen Mary School of Law Legal Studies Research Paper No. 194/2015. Available at SSRN
This report (the “Report”) considers certain legal requirements relating to data security in the EU, and specifically the use of multi-factor authentication as a method of meeting the security obligations established by European Directive 95/46 EC on the processing of personal data (the “Directive”). Following this Executive Summary, the Report comprises two sections: a discussion of the requirements of data security under European data protection legislation, and a study of selected national positions.