The European Parliament and the Council of the EU reached a provisional agreement on Nov. 8 regarding the introduction of a new framework for a European digital identity (eID).
Often referred to as the EU Digital Identity Wallet (EUDI), the tool aims to ensure that all EU citizens, residents, and businesses have access to “secure and trustworthy electronic identification and authentication” in the near future, according to officials.
Under the EUDI, member states will “offer” EU citizens “digital wallets” that will be linked to their national digital identities along with other proof of identification, such as their driving licenses and their bank accounts.
They'll also store official documents, such as the individual’s educational history, medical prescriptions, and qualifications.
Citizens will then use the EUDIs to prove their identity, access public and private online services, open bank accounts, make payments, and share electronic documents via their mobile phones, removing the need to “provide private identification methods” or “unnecessarily share personal data.”
According to the European Parliament, the tool will provide “full security and protection of personal data all over Europe.”
They also agreed on the “business model” of the wallet, on the code that the wallets will use, and that “consistency between the wallet as an eID means and the underpinning scheme under which it is issued has been ensured.”
According to officials, the identification tools will use open-source software components, but EU nations providing them will also be “granted necessary leeway” for various “justified reasons,” in which case, “specific components other than those installed on user devices may not be disclosed.”
‘Unique, Secure European Digital Identity’
Officials also established that member states will provide validation mechanisms to “verify the authenticity and validity of the wallet and of the relying parties’ identity” free of charge.The provisional agreement clarifies the “scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website while preserving the current well-established industry security rules and standards.”
“With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity,” Nadia Calviño, acting Spanish first vice president and minister for economy and digitalization, said in a statement.
“This is a key advance for the European Union to be a global reference in the digital field, protecting our democratic rights and values.”
Officials will now work on accompanying legal text for the provisional agreement, which will be submitted to member states’ representatives for endorsement.
Following a legal review, the provisional agreement will need to be formally adopted by the Parliament and the council before it can be published in the EU Official Journal and go into effect.
The European Commission launched four large-scale pilot programs of the digital identity wallet in April, focusing on a mobile driving license, eHealth, digital payments, and education and professional qualifications, investing a total of 46 million euros ($49 million) in the pilot schemes. More than 250 private companies and public authorities across 25 member states and Norway, Iceland, and Ukraine are taking part in the pilot.
Under the new program, large-scale platforms such as Amazon and Facebook will also be legally required to accept the digital ID wallet.
Concerns Over Privacy, Freedom
While officials have touted the various pros of the digital ID wallet, stated that users will be able to opt out of sharing personal data, and claimed that it won’t be used for “illegal tracking, tracing, or government interception,” experts have raised concerns.“The current trilogue negotiations have distinguished poorly between legitimate use cases and fraudulent or abusive scenarios,” they wrote.
“Privacy-respecting functions are not given preference over intrusive functions of the Wallet.”
The experts said legal know-your-customer requirements of banks and insurance companies are “put on an equal level as the surveillance-driven business models of Big Tech.”
“In its current form, the European Digital Identity System would be a gift for Google and Facebook to undermine the privacy of EU citizens. This will impact everyone in the EU and put them at a lower privacy level than people in other world regions,” they said.
Rob Roos, a Dutch politician and current independent member of the European Parliament, called the latest agreement “very bad news.”
“They’re pushing it all through. I am not optimistic. But it is not too late yet. Parliament still has to vote about this. Let your MEP [member of the European Parliament] know that you oppose the Digital Identity and that you want your MEP to vote against it,” he wrote.
The latest development is bad news for the “privacy and freedom” of Europeans, Mr. Roos said.