Get steadily ready for the European Digital Identity

This week’s prompt “how do we handle information in the digital age?” reminded me of the handling of private information on the internet by public actors. In other words, I was thinking of the European digital Covid-19 vaccination pass that was my sesame to travel in times of pandemic. Doing a bit of research on the net about comparable cross-border data sharing initiatives, I came across the next step of EU cross-border data sharing: the introduction of the European Digital Identity or e-ID. What does this eID entail with regards to the handling of information and what and what are the risks tied to it? Let me summarize this in this blogpost.

What’s in a wallet? Definition and purpose of the European Digital Identity

The European Digital Identity is a set of digital identity credentials (name, gender, birthyear for example) that will be stored in an online tool called a digital wallet. Such wallets will be accessible through an app on smartphones. Having such an app will make proving one’s identity inside of Europe a much smoother process. The European Digital Identity is moreover an answer to the growing demand for a centralized single digital ID for online services. But what does this mean concretely? Well, if you would like to make use of online public and digital services across the EU – requesting birth certificates, applying for a university in Europe, renting a car, opening a bank account – this app will make your life lot easier (see images for an illustration). The app is also advertised as giving users the full control of the aspects of the stored date they want to share as well as letting users keep track of the sharing of the information. An example of this is if you want to prove your age: using the app you will be able to only share that part of your e-identity. The EU also promotes the app as a facilitator not only for individuals, but for businesses as well. This is because the app promises to reduce costs and time thanks to the use of streamlined processes by using the eSignature and eSeal function to give an example.

Image 1. Source: European Commission
Image 2. Source: European Commission

The launch of such a wallet app was planned for this month (October 2022) under the condition that the basis of an agreement across member countries for the legal framework of the project had been reached. As it stands now however, an agreement in 2023 and a 2024 rollout seem more plausible.

Risks: function creep and non-uniform data safety

While this initiative presents itself as a huge facilitator of paperwork, I can conceive that some can be very wary of this imminent change of the European internet landscape. One major drawback put forward by digital activists is that because the EU wants private actors – read: Facebook and Google amongst others – to accept the new id, this could grant them access to even more personal data, in fine strengthening the private actors and their third parties such as the personalized advertisement industry. Moreover, even if the EU Commission promised to draw up a plan that will ensure the highest security levels, this might prove difficult in practice because countries themselves will be responsible for enforcing the proposal, countries with varying levels of data protection.

As a side note, while the public and private services of EU countries will have to accept the new identification method, downloading the app cannot be made compulsory for users. In other words, it is fine if you don’t want to jump onto the e-ID bandwagon, yet.

Privacy: promised or guaranteed?

In the digital age, handling information has been facilitated thanks to the internet by allowing us to share, collect and centralize data en masse. While the users become more and more literate in their use of the medium, privacy concerns are taking center stage. This is exemplified by the emphasis put on the privacy-friendly character of the eID project. Only time will tell whether this initiative will maintain its promises, but wariness is never in vain in light of various data leaks and privacy scandals marring the reputation of public and private actors. In other words: keep an eye out!