4 - 6 minute read
The European Parliament’s recent approval to negotiate the creation of the new European Digital Identity (eID) framework has brought about questions regarding data privacy and usability. The eID framework is set to give EU citizens digital access to key public services, making it easier for citizens to interact with public services and administrations. The European Digital Identity Wallet, also known as EUDI Wallet or EU wallet, will enable citizens to identify and authenticate themselves online without the need for big commercial providers like Google, Apple, Facebook or Amazon.
The possibility of storing electronic IDs on a smartphone, digitizing health cards, passports, school reports, membership certificates, credit cards, among others, and combining them into one wallet could have the potential for mass market adoption. However, the success of the eID framework and EU wallet requires the adoption of citizens in Europe through security, usability, relevance, and interoperability of different applications.
The Challenge of Usability
The success of the EU wallet depends on its usability as it will hardly be adopted by citizens in their daily lives if it doesn’t offer a good use case. To overcome this challenge, the EU has set an ambitious goal for the wallet, aiming to bring it to 80% of the population by 2030 by mandating that the wallet be supported by e-government services and companies that have a legal requirement to identify their customers through Know Your Customer checks. It could require major online platforms like Google or Facebook to offer the EU wallet to log in to their services, and soft law and delegated acts could require small and medium-sized enterprises to support the wallet.
Privacy is King
The EU wallet must provide a data-saving solution that protects user transactions from third-party access. It is critical that users are protected from tracking by wallet providers, and wallet providers must ensure that wallet data processing is in line with legal requirements. The European Parliament has introduced a non-discrimination clause as a safeguard in the recently passed identity framework that protects anyone who chooses not to use the EU wallet. However, there is a concern about “over-identification” where the obligation for everyone in the EU to use the wallet could lead to a loss of anonymity and pseudonymity in everyday interactions. The European Parliament has taken this concern into account and has included a non-discrimination clause that protects individual choices not to use the EU wallet.
The EU’s Industry, Research, and Energy Committee has included a standard for zero-knowledge proofs (ZK-proofs) in its eID amendments. ZK-proofs allow the selective disclosure of certain information, such as revealing only one’s age, for example. This technology could become a core function of the EU wallet, providing “unlinkability,” allowing someone to prove they are of age to someone else on different occasions without the latter party knowing the former is the same person. However, the implementation of ZK-proofs must comply with privacy regulations ensuring that they meet all specific requirements of the General Data Protection Regulation.
“It is unlikely that the Parliament will win 100% of the trialogue negotiations. But we hope that the Council and the Commission will realize that the success of the whole system depends on the privacy and trust that is built in. Only if it is the trusted and chosen tool of citizens for their most sensitive health, identity and financial data can the European Digital Identity Wallet be a success.”
The success of the EU wallet depends on its accessibility, security, ease of use, and protection of user data. The EU should focus on making the wallet mainstream, ensuring that it is interoperable and aligns with other digital wallets across the globe. EU regulators must also ensure that ZK-proofs comply with privacy regulations and meet all specific requirements of the General Data Protection Regulation. The implementation of the eID framework and EU wallet could be a game-changer for other forms of digital or blockchain-based ID while balancing considerations on data privacy, surveillance, and cost-effectiveness.