Our Digital Identity in a ‘Wallet’- The Proposed Amendments to the eIDAS Regulation
Written by Danielle Mercieca
In an effort to continue building on the European Council and Commission’s mandate to provide an EU framework for public electronic identities, the Commission undertook a review of the eIDAS regulation resulting in a proposal to amend the current regulation.
The proposed amendments to the regulation aim to, as Executive Vice-President Margrethe Vestager succinctly put it, “enable us to do in any Member State as we do at home without any extra cost and fewer hurdles……… And do this in a way that is secure and transparent. So that we will decide how much information we wish to share about ourselves, with whom and for what purpose.” Perhaps, the most novel way of achieving this is through the European Digital Identity Wallet.
The Commission is proposing establishing a framework for European Digital Identity Wallets to allow citizens to share their data securely and access services through electronic identification and authentication. Essentially, this Digital Identity Wallet is an app that would allow users to store identity data, share with relying parties, digitally identify themselves when using both online public and private services as well as offline services. The scope of the Digital Identity Wallet seems quite broad, with the possibility of being issued not just by Member States but even by private entities recognised by the Member State. Amongst others, its intended use covers not only public services but also opening bank accounts, filing tax returns, applying for university, renting a car and even checking into a hotel.
One of the driving forces behind this concept appears to be data sovereignty and giving back users control over their data, with the proposal working towards ensuring compliance with data protection legislation is maintained. The scope of these wallets is likely to cover a broad range of services from health services to financial services thus clearly involving personal data. For this reason, the proposal mandates that users shall be in full control of their wallet, allowing users to choose which parts of their identity to share and sharing only the necessary data. Too many times we’ve logged into various online services with no control as to the data we must share to digitally identify ourselves to access the service- is the European Digital Identity Wallet the solution? Furthermore, issuers of the wallet are prohibited from collecting information about the use of the wallet and as well as from combining personal data stored in the wallet or data about the use of the wallet, with data from other services provided by the same issuer.
Organised and all within the users’ control, right? However, new concepts come with new obligations and Member States must ensure a level of security and assurance in the provision of these wallets. Concerns have already been raised as to whether it is simply a matter of transferring our digital lives from large online platforms to government and consideration of the security risks of collecting all data and documents in one repository. The proposed amendments in fact lay down requirements to regulate the issuing of these wallets, conformity of which should be certified by accredited bodies designated by Member States and relying on cybersecurity schemes established under the Cybersecurity Act. But will this be enough to put EU lawmakers’ and privacy and security experts’ minds at ease?
The Proposal is still in its initial stages, with a long legislative process ahead where the European Parliament and the Council can make changes to the original proposal. Whilst it may be difficult to accurately assess the impact of Digital Identity Wallets for the moment, MITA will be monitoring developments on the Proposal to amend the eIDAS Regulation as it continues to pursue its vision of “a commitment to a digital future” by supporting Government through the provision of technical consultancy services where the revision of the eIDAS Regulation is concerned.