By Laura Kabelka | Euractiv Est. 5min 07-06-2022 (updated: 08-06-2022 ) shutterstock_1736248895 [Iurii Motov/Shutterstock] Euractiv is part of the Trust Project >>> Languages: Français | DeutschPrint Email Facebook X LinkedIn WhatsApp Telegram The European Parliament’s rapporteur put forth a number of proposals to improve the European Digital Identity Wallet as part of the new eIDAS Regulation, focusing on interoperability, data privacy and equal access. In June 2021, the European Commission proposed a regulation on electronic identification and trust services for electronic transactions (eIDAS) with the intention of harmonising digital identification across the EU. By 2023, every member state must make a Digital Identity Wallet (EDIW) available to citizens and businesses. The file was then the object of a lengthy competency dispute between the committees of the European Parliament, which resulted in a complex arrangement with the industry committee (ITRE) in the lead, and the committees for consumer protection (IMCO) and civil liberties with some exclusive competences (LIBE). Romana Jerković, the MEP responsible for the file in ITRE, published her draft report last week introducing significant changes to the original text. “Harmonised digital identity framework has the potential to significantly reduce operational costs linked to identification procedures, for example during the on-boarding of new customers, and to reduce expenditures or damages related to cybercrimes, such as data theft and online fraud, to support innovation and competitiveness, and to promote digital transformation of the Union’s small and medium-sized enterprises (SMEs),” Jerković wrote in the report. According to the report, this framework aims to “complement national digital identity solutions” and should be used both for identification and authentication, online as well as offline. To ensure wide use of the framework and reduce administrative work, Jerković proposed the use of the “once-only principle”, where citizens and businesses would not have to supply the same data to public authorities multiple times. Additional changes related to data protection, access, transparency and cross-border identification. European Commission proposes 'digital identity wallet' The European Commission has introduced a legislative proposal for an EU “digital identity wallet” that would allow numerous services like opening a bank account or filing tax returns to be done purely digitally. Privacy and security To tackle privacy concerns, both cybersecurity and privacy shall follow the “by design principle”. According to the draft, “it shall be technologically impossible to receive any information on the use of the Wallet or its attributes”. Personal data shall only be stored and processed in the territory of the European Union, where Union and national law apply. User content should be explicitly given in order to store information from the wallet in the cloud. The use of biometrics should not be a precondition for its use and biometric data should not be stored in the cloud. The requested user information should be “necessary and proportionate for the intended use case,” following the principle of data minimisation. At the Council meeting of telecom ministers (3 June), the Italian digital minister raised concerns about the impact on web security. Under the plan’s revised Article 45, browsers would be forced to accept Qualified Web Authentication Certificates, or QWACs, from certificate authorities, regardless of whether they meet the browser’s security standards. Zero-Knowledge Proof The report also proposed verification of a claim without revealing the source data that proves it. Such a Zero-Knowledge Proof approach, based on cryptographic algorithms, would allow the demonstration of someone’s age or location, for instance, while preserving the privacy of the user. Also, anonymity could be preserved while verifying that an action is executed by a real person. Therefore, the report argues that this approach could help fight against bots and disinformation. Access Large platforms which require user identification or authentication for accessing online services shall be mandated to accept the European Digital Identity Wallets – upon voluntary request of the user. The use of the European Digital Identity Wallets will be on a voluntary basis and free of charge. Users will not be restricted regarding access to government services, the labour market or the conduct of business if they do not use the European wallet and its users shall not be granted privileges to public and private services. For the rapporteur, the member states should ensure equal access to electronic identification means for everyone, including vulnerable groups. Transparency Regarding the transparency and comparability of all the wallet’s issuers, the Commission was asked to keep a public register, including their main specifications. This information should be made publicly available to citizens and enterprises by the member states. The draft also requests that the potential perks of the EDIW should be communicated well to the public and it should be made sure that citizens are competent to use it. Cross-border user identification Instead of “unique identification”, as proposed by the Commission, ITRE suggested the terminology “cross-border user identification” and emphasised the need for interoperability. Each EU country will establish its own national wallet, which will need to be interoperable across the bloc via “a minimum set of personal identification data” that will allow identifying users. This need to ensure cross-border operability was also in focus at the Council meeting of telecom ministers last week. According to The Hague and Warsaw, the system should not be mandatory, because public institutions should continue to offer an alternative. Governance An entire chapter on governance was added to the ITRE draft report. Each member state should publicly establish or designate at least one “national competent authority” and one “national single point of contact”. The single point of contact is supposed to have a liaison function ensuring cross-border and cross-sectorial cooperation. On the basis of ITRE’s draft report, amendments can be tabled until 28 June. [Edited by Luca Bertuzzi/Nathalie Weatherald] Read more with Euractiv France proposes clarifications and additions in new rulebook for political adsThe French Presidency of the EU Council has issued a compromise text on the legislation on online political advertising, clarifying the scope of the rules.
