European Union Plans Framework for Secure Digital Identities

The European Commission, the executive branch of the European Union, announced a proposal yesterday to create a European Digital Identity system that would “be available to all EU citizens, residents and businesses in the EU.” The goal is to enable citizens who are interested “to prove their identity and share electronic documents from their European Digital Identity wallets with the click of a button on their phone.” In addition, these citizens would “be able to access online services with their national digital identification,” that would be recognized throughout European Union’s Member States.

“Very large platforms will be required to accept the use of European Digital Identity wallets upon request of the user, for example to prove their age,” explains the European Commission press release. “Use of the European Digital Identity wallet will always be at the choice of the user.”

Downloading a wallet app to a smartphone or other mobile device would allow individuals to store documents, easily verify identification and selectively share information in a secure manner. Use examples include identity verification, various transactions, e-signing (electronic signatures), opening a bank account, applying for a loan, renting a vehicle, enrolling in a university, submitting taxes or checking into a hotel.

“The European digital identity will enable us to do in any Member State as we do at home without any extra cost and fewer hurdles,” stated Margrethe Vestager, European Commissioner for Competition and EVP for a Europe Fit for the Digital Age. “Be that renting a flat or opening a bank account outside of our home country. And do this in a way that is secure and transparent. So that we will decide how much information we wish to share about ourselves, with whom and for what purpose.”

According to TechCrunch, “Some Member States do already offer national electronic IDs but there’s a problem with interoperability across borders, per the Commission, which noted … that just 14 percent of key public service providers across all Member States allow cross-border authentication with an e-Identity system, though it also said cross-border authentications are rising.”

“A number of tech giants do of course already offer users the ability to sign in to third party digital services using the same credentials to access their own service. But in most cases doing so means the user is opening a fresh conduit for their personal data to flow back to the data-mining platform giant that controls the credential, letting Facebook (etc.) further flesh out what it knows about that user’s Internet activity.”

However, the EU’s proposal emphasizes security and privacy: “The new European Digital Identity wallets will enable all Europeans to access services online without having to use private identification methods or unnecessarily sharing personal data. With this solution they will have full control of the data they share.”

“It is about giving a choice to consumers, a European choice,” noted European Commissioner for Internal Market Thierry Breton. “Our European companies, large and small, will also benefit from this digital identity, they will be able to offer a wide range of new services since the proposal offers a solution for secure and trusted identification services.”

“The Commission’s 2030 Digital Compass sets out a number of targets and milestones which the European Digital Identity will help achieve,” reports Homeland Security Today. “For example, by 2030, all key public services should be available online, all citizens will have access to electronic medical records; and 80 percent of citizens should use an eID solution.”

However, the proposed European Digital Identity faces a number of hurdles regarding adoption. For example, there is no requirement as of yet for Member States to develop an interoperable Digital Identity wallet; it would certainly require significant effort to drum up awareness and support from individuals, business and platforms; details will likely be necessary to prove how certified wallets would store and protect user data; and web browsers would be required to honor qualified trust certificates for website authentication.