Digital Convenience vs Digital Control: Rethinking the EU Identity Wallet

The Pirate Post

piratepost@poliverso.org

The Pirate Post is a review of information for those who want to know the initiatives of the Pirates of the world

Segui

Messaggi della Rete

friendica (DFRN) - Collegamento all'originale

The Pirate Post

3 giorni fa (Ricevuto 2 giorni fa) da Piratica •

The Pirate Post
3 giorni fa (Ricevuto 2 giorni fa) da Piratica •

Digital Convenience vs Digital Control: Rethinking the EU Identity Wallet

In the age of rapid digital evolution, the world has increasingly come to resemble a global village, at our doorstep and just a click away. Digital technologies have reduced physical barriers, allowing people to work, study, and access services across borders with unprecedented ease.

But as digital systems become deeply embedded in everyday life, a fundamental question arises: Does digital convenience come at the cost of digital autonomy? As identity, authentication, and access move online, concerns about privacy, power, and institutional control are becoming central to the European digital debate.

In a progressively digital world, proving one’s identity online and across multiple geographic locations can be just as important as showing identification in person. From the European Union’s perspective, this is where eIDAS comes into play. The eIDAS Regulation, a set of European Union rules, has been updated to introduce a new concept: the EU Digital Identity Wallet.

It refers to the EU legal framework that regulates:

Electronic identification (digital IDs)
Electronic authentication (verifying identity online)
Trust services (like digital signatures, seals, and certificates)

The framework was established under the eIDAS Regulation to ensure that digital identities and electronic transactions are secure and legally recognised across all European Union Member States.

In simple terms, eIDAS is the law that enables people and businesses in the EU to use digital identities and trust digital documents across borders.

A Brief Background: Timeline

2014: eIDAS 1.0 regulation – First time establishment of legal frameworks for the cross-border recognition of national eID schemes. The implementation was unsuccessful due to low adoption and limited private-sector integration.
2021: A proposal floated by the European Commission, amending the 2014 regulation, to introduce a “European Digital Identity” framework, based on personal digital wallets.
2022-2023: Pilot projects introduced in April 2023. The objective was to test the wallets’ ability to process eHealth payments, driving licenses, and educational credentials.
2023-2024: A political consensus was reached in November 2023, and the EU regulation 2024/1183 came into force on 20 May 2024.
The exercise over all the above-mentioned years culminated in a decision that all Member States must provide their citizens with digital wallets by the end of 2026.

Why Digital Wallets Are Important: Policymakers’ Perspective

The EU’s Digital Decade Policy Programme 2030 aims to ensure that, by 2030, people across the Union can use a trusted, voluntary digital identity recognised everywhere in the EU and that gives users control over their personal data in online interactions.

If the timeline of eIDAS evolution is followed, the framework has experienced substantial change. eIDAS 1.0, introduced in 2014, focused primarily on the cross-border recognition of existing government-issued IDs. On the other hand, eIDAS 2.0 mandates that member states issue interoperable wallets that require verified attributes such as age, address, etc.

As proclaimed by the European Parliament, “The European Declaration on Digital Rights and Principles” also emphasises that everyone has the right to safe, secure, and privacy-protective digital technologies and services. This includes access to a reliable digital identity that protects individuals from risks such as data breaches, identity fraud, and unlawful exploitation of personal details. It further stresses that people should have control over how their data is used and shared.

Overall, a harmonised digital identity framework is intended to reduce digital barriers across Member States, strengthen transparency, and empower citizens and residents to benefit from digital services while protecting their rights.

But the roadmap to the European digital future is not without hurdles and blind spots. Under eIDAS regulations, every member state must provide its citizens with at least one digital wallet that can be used seamlessly across Europe. To facilitate a hassle-free exchange of information among wallet issuers and service providers, the European Commission adopted a Common Union Toolbox in June 2021, comprising common standards, technical specifications, guidelines, and best practices. Despite such steps, certain technical, administrative, and infrastructural gaps have been identified.

Implementation and Structural Challenges

Uneven digital readiness: Member States differ significantly in digital infrastructure. While some operate advanced electronic ID systems, others still rely heavily on traditional identification processes. This disparity may result in uneven rollout and effectiveness across the Union.
Governance and power dynamics: Digital identity systems don’t just make services easier. They also change who holds power online. Depending on how they are managed, these systems can either give people more control or put more power in the hands of governments and big tech companies.
Interoperability and technical complexity: For cross-border functionality, national systems must communicate securely and consistently. This requires common standards, certification mechanisms, rigorous testing, and long-term coordination.
Public trust and adoption: Privacy safeguards alone are not enough. Citizens must be able to trust that the system will not enable surveillance, misuse, or cybersecurity vulnerabilities. Transparency and accountability will be central to adoption.
Administrative alignment: Even though the EU sets the rules, each country is responsible for implementing them. Aligning laws, procedures, and technical systems across all countries is complicated and time-consuming.

Core Civil Society Concerns

While policymakers frame eIDAS 2.0 and the European Digital Identity Wallet as tools for integration and empowerment, civil rights parties and digital rights organisations have identified core civil society concerns that the eIDAS framework has failed to address. The European Pirates are among those digital rights advocates who argue that the risks to citizens require far greater scrutiny.

The European Pirates, along with Pirate members across the EU, have highlighted concerns that focus less on the idea of digital identity itself and more on how the system could operate in practice. Below is a list of the shortcomings of the eIDAS framework from the civil society’s perspective:

Surveillance and loss of anonymity: The wallet could enable cross-sector linking of activities such as finance, health, and transport. Critics argue that insufficient safeguards for anonymous or pseudonymous use may normalise routine identification in everyday interactions.
Over-identification and weak data minimisation: Users may be required to disclose more personal information than necessary, undermining the GDPR principle of data minimisation.
Centralisation and power concentration: Even though the system is described as user-controlled, it could end up being run mostly by government-approved providers and big platforms, leading to power imbalances.
Web security risks linked to Qualified Website Authentication Certificates (QWACs): Mandatory recognition of government-designated certificates may weaken existing browser trust models. Critics warn this could introduce vulnerabilities and potentially compromise encrypted communications.
De facto mandatory use and exclusion: Even if legally voluntary, widespread institutional implementation by banks, employers, and public services could make the wallet practically unavoidable. Those without smartphones, digital literacy, or reliable access to technology may face exclusion.
Function creep and systemic risk: There are concerns that the wallet’s scope could gradually expand beyond identification. At the same time, a widely adopted identity infrastructure could become a high-value target for cyberattacks, increasing systemic security risks.
Oversight and accountability gaps: Civil society organisations call for stronger independent oversight, open technical standards, and systematic audits to ensure the system complies with fundamental rights.

Alternative Approach

Addressing the risks posed by the eIDAS regulation to civil rights and internet freedom is of paramount importance to convert a well-intended plan into an impactful policy. If the European Digital Identity Wallet is to align with and uphold the European values of freedom and democracy, several safeguards must be put in place.

In this context, the European Pirates, in close consultation with the member Pirate Parties, have put forth a few recommendations as a formal submission to the European Citizens’ Initiative, as measures to counter the normalisation of compulsory identification – a price to be a part of a digital society.

Here are the recommendations:

Strictly voluntary participation: The use of any EU digital identity solution must remain optional and should never become a compulsory requirement for accessing services.
Decentralised and privacy-respecting design: The system should avoid a centralised structure or a permanent universal identifier and instead be built on a privacy-friendly, distributed architecture.
Mandatory use of Zero-Knowledge Proofs: Privacy-enhancing technologies such as Zero-Knowledge Proofs should be embedded as a required technical standard to enable verification of specific attributes without revealing unnecessary personal data.
Transparent regulation of relying parties: Entities that depend on the wallet for verification should be subject to clear registration, accountability, and transparency rules to minimise misuse or overreach.
No compulsory QWAC requirements: Browsers must retain the autonomy to evaluate and reject insecure certificates, without being forced to accept government-designated website authentication certificates.
Technological neutrality and digital sovereignty: The framework should prevent dependency on a narrow set of dominant, particularly non-European, technology providers and support a diverse technological ecosystem.
Safeguarding non-digital access: Traditional, offline alternatives must remain available to ensure that no individual is excluded from essential services due to digital barriers.

Closing Reflections

The EU Digital Identity Wallet represents a structural shift in how identity, access, and trust are managed in digital society. It reflects the European Union’s ambition to build an interoperable and secure digital ecosystem.

Yet the core question remains unresolved: will this infrastructure strengthen digital rights, or test their limits?

Digital convenience must not come at the cost of digital autonomy. A European Digital Identity framework worthy of its name must reinforce decentralisation, privacy-by-design, transparency, and democratic accountability.

The future of Europe’s digital space should not only be efficient and interoperable. It must remain fundamentally rights-based.

europeanpirates.eu/digital-con…

⇧