According to the agreed text, this new Digital Identity Wallet will allow citizens to identify and authenticate themselves online without having to resort to commercial providers – a practice that raises trust, security and privacy concerns.
The EU wallet will be used on a voluntary basis. During negotiations, MEPs secured provisions to safeguard citizens’ rights and foster an inclusive digital system by avoiding discrimination against those opting not to use the digital wallet.
The agreement provides for free “qualified electronic signatures” for EU wallet users, which are the most trusted, and have the same legal standing as a handwritten signature, as well as wallet-to-wallet interactions, to improve the fluidity of digital exchanges. MEPs have also mandated the wallet’s open-source nature to encourage transparency, innovation and to enhance security. Moreover, they set stringent rules for the registration and oversight of companies involved to ensure accountability and traceability.
Data protection and privacy
Via the so-called privacy dashboard, users will be able to have full control of their data and request that their data be deleted, as provided for under the General Data Protection Regulation (GDPR). Additionally, the right to use a pseudonym is enshrined in the legislation.
The legislation clarifies the scope of Qualified Website Authentication Certificates, which ensures that users can verify who is standing behind a website, while preserving the current well established industry security rules and standards.
Rapporteur Romana Jerković (S&D, HR) said: “The European Digital Identity Framework is game-changing legislation that will propel the digitalisation of the public sector and society as a whole. At its core, the primary objective of this legislation is to improve the everyday lives of EU citizens by facilitating access to public and private services, not only within their own countries but also during travels and stays in other EU member states. It aims to empower them by putting them in full control over the use and sharing of their data. Digital identity has evolved from being a mere convenience to becoming a catalyst for civic involvement, social empowerment, and a means to foster inclusivity in the digital age”, she added.
The legislation will now have to be endorsed by both Parliament and Council before it becomes law. The Industry, Research and Energy Committee will hold a vote on the file on 28 November.
A study from the European Parliament research service highlights that since the pandemic, the provision of public and private services has become increasingly digital. At the same time, entities such as banks, electronic communication service providers and utility companies, some of which are required to collect identity attributes, are acting as verified identity providers.
Existing digital wallet solutions allow users to store and link data in a single, seamless environment on their mobile phones. However, according to the Commission, this convenience comes at the cost of loss of control over personal data, while these solutions are disconnected from a verified physical identity, which makes fraud and cybersecurity threats more difficult to mitigate.