What is European digital identity and why does privacy groups care so much about it?

European digital identity has been given the green light. The European Parliament approved this initiative 335 votes in favor, 190 against and 31 abstentions.This means that what is expected to be a maximum change to users’ online identities only needs to clear the EU Council of Ministers hurdle before finally becoming law.

In short, European Digital Identity is a kind of EU digital wallet for authentication and access to public and private services, as well as for storing, sharing and electronically signing documents. In theory this means unification of identification and authentication procedures without the need to contact third partiesa function similar to electronic DNI, but unified for use throughout the European Union.

One of the main requirements and reasons for controversy during its approval is that it should be open source in order to ensure greater transparency and security. There are still many unresolved issues before it reaches the general use of administrative procedures of citizens, but on paper it is a way to unify authentication across the network, which will greatly simplify procedures with the administration and with third parties.

Many question the privacy of European digital identity

The most controversial aspect of the approval of the Digital Identity Europe regulations is related to the voluntary nature of use. Basically, use this system to identify yourself or sign documents onlinewill be completely voluntary, as, according to the regulator, it aims to protect the rights of citizens by avoiding discrimination against people who choose not to use a digital wallet.

The reality is that you are expected to have very little to do as a volunteer. The provisional approach is for it to become a standard for certain administrative procedures, such as applying for a university place or European Health Card or applying for certain positions. In addition, Member States may expand administrative procedures in which its use will be mandatory, although for now it is expected to co-exist with internal digital authentication systems (DNIe) or with personal procedures.

Some groups have been particularly critical of this European initiative. As early as 2023, various civil society organizations have called on European officials to reconsider the current trajectory of eIDAS 2.0, the legal framework for the adoption of a European digital identity, which has now been given the green light. For privacy groups, its use could mean the death of anonymity, leading to “over-identification” and “online real identities”:

“In its current form, the European Digital Identity Scheme would be a gift from Google and Facebook to undermine the privacy of EU citizens.. “This will affect all EU residents and place them at a lower level of privacy than people in other regions of the world.”

Open letter to the EU on eIDAS 2.0 issues.

Be that as it may, it is poised to become a standard regarding European administrative procedures, so in practice its use will be more than mandatory. This caused huge debate not only on the concept itself, also in their future statements when the ministers of various countries give them the go-ahead and eventually became the current law.

The privacy of the system also raises questions. Not so much because of the possible vulnerability, but because of the traceability that each of the European authorities will have access to in the actions of a citizen, in a completely centralized and unified way: the ability to integrate everything, starting with the medical advice issued by this system for border movements, banking applications or simple administrative procedures, as well as their identification in third-party systems.

The regulation also stipulates that it can be used to sign documents.

The law also provides for the inclusion of qualified electronic signatures, which are the most secure and have the same legal status as a handwritten signature, into the European Digital Identity for users free of charge. Additionally, although not specified, how interoperability between wallets can improve the smoothness of digital exchanges. This further raises privacy concerns.

However, the rules provide for something called privacy panelin which users will be able to have full control over their data and request its deletion in accordance with the provisions of the General Data Protection Regulation (GDPR).

Be that as it may, European digital identity is a reality, and in the absence of the development of its final approval by EU ministers, as well as its regulatory and technical specifications, everything points to it becoming the standard for communications and electronics within the European Union in the near future, we want this or not.