Brussels has plans to introduce a European digital identity (eID). According to experts, there are quite a few snags to the idea. “Over-identification is lurking,” they tell NU.nl.
The European Commission announced the plans in June 2021. Brussels wants an app – the European Union itself speaks of a wallet – Introduce everything about yourself, such as a driver’s license, diplomas and medical certificates.
With the digital identity you must be able to do business with the government, but also with companies. This involves, for example, proving that you are of age if you want to buy alcohol, if you are going to open a bank account or if you want to log in to social media.
The intention is for member states to build their own app. The apps must then meet certain requirements and can be linked to each other. It is still unclear exactly what they will look like.
Bart Jacobs, professor of Computer Security at Radboud University Nijmegen, is positive about the European Commission’s plans. He thinks such an app is “in principle a good idea” and thinks that citizens can benefit from it. But, he also immediately emphasizes: “There are a number of snags.”
Ensuring security in the event of a hack
According to him, these are mainly in the implementation of the plan. For example, Jacobs thinks that the app open source must be. This means that its source code is public. Everyone can then check that no data is being piped away.
Jacobs also advocates decentralized data storage. This means that citizens’ data is not stored in one place, but on your own device. You can then log in somewhere yourself without a third party watching you, as Facebook now does when logging in via Facebook.
According to the professor, there is also an important role for the Dutch Data Protection Authority (AP). “People must be able to file a complaint somewhere, for example if a party asks for more personal data than necessary. According to the AVG, this is prohibited in any case, but with such an app the danger of this increases.”
Don’t depend on Apple and Google
Jaap-Henk Hoepman, associate professor of privacy at Radboud University Nijmegen, understands why Brussels is working on the eID. According to him, the European Commission is in a difficult package.
“If they don’t come up with European verification, then Apple and Google will realize something like that. That means you’re completely dependent on tech giants for digital passports. That’s a situation you don’t want to end up in.”
Hoepman, like Jacobs, thinks that over-identification is lurking. “With the eID you make it easy for providers to obtain information about you. But it is not the intention that they ask you how old you are if you want to send a postal package.”
According to him, there should also be an alternative for people who do not have or do not want a smartphone. They should not be left out, he emphasizes. Incidentally, according to the European Commission, the use of the app is not mandatory.
Increasingly identifying for services
Vincent Böhre, director of the Privacy First foundation, is anything but enthusiastic about the European Commission’s plan. “We mainly see disadvantages in this. With eID you threaten to have to identify yourself for more and more services. We think that is unnecessary anyway.”
According to him, a privacy-friendly app would still be manageable. “But the question still remains whether this is simply a wrong path that we should not want to take as a society at all,” says Böhre.