FB pixel

Will EU digital identity drop the unique identifier?

Will EU digital identity drop the unique identifier?
 

The European Commission may be changing its mind about its proposed requirement for all European Union member states to incorporate unique identifiers in digital IDs that become part of the bloc’s interoperable ID structure.

Proposals to remove the mandate are being considered by the committee overseeing legislative development, and a Commission spokesperson has told news outlet Euractiv that a single identifier is negotiable.

A persistent, or lifelong, unique identifier could be used to track individuals across any government database. While the first-look regulation on identity in 2014 was based on privacy by design, the Commission has added persistent identifiers for eIDAS 2.0, being developed.

Such a tracking device would be illegal in Austria and the Netherlands and unconstitutional in Germany, said Thomas Lohninger of the digital rights umbrella group European Digital Rights (EDRi), speaking at the Internet Privacy Engineering Network’s digital identity workshop. He called such identifiers “super cookies” and “outrageous.” Belgium is already using unique identifiers.

The European Parliament’s Committee on Industry, Research and Energy is leading the review of a draft report on proposals for a digital ID framework. The committee’s lead rapporteur, Romana Jerković, published suggested amendments with some notable changes.

Following is text proposed by the Commission in 2021 (emphasis shows proposed deletion):

“Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union law, to identify the user upon their request in those cases where identification of the user is required by law.”

Following are amendments (emphasis shows proposed addition):

In order to ensure interoperability of European Digital Identity Wallets, Member States shall provide a minimum set of person identification data, in conformity with national and Union law, which can unequivocally identify the user upon their request in those cases where identification of the user is required by law.”

Proposals have been inserted to show how an individual can be identified in another member state (the key aim of the entire endeavour) via the wallet. Pseudonyms and self-sovereign identity principles could be called on:

“When accessing public and private services cross-borders, authentication and identification of a user of the Wallet should be possible. The receiving Member States should be able to unequivocally identify the user upon their request in those cases where identification of the user is required by law. In order to ensure high-level of trust and security of personal data, different technical solutions should be considered, including the use or combination of various cryptographic techniques, such as cryptographically verifiable identifiers, unique user-generated digital pseudonyms, self-sovereign identities and domain specific identifiers using state of the art encryption technology.”

Another insertion to the draft introduces a “once only” approach to data-sharing nationally or internationally. This could control interaction with organizations without them tracking the individual:

“This Regulation should support the use of the ‘once only’ principle in order to reduce administrative burden, to support cross-border mobility of citizens and businesses, and to foster development of interoperable e-government services across the Union. The cross-border application of the ‘once only’ principle should result in citizens and businesses not having to supply the same data to public authorities more than once, and that it should also be possible to use those data at the request of the user for the purposes of completing cross-border online procedures.”

Over at the European Commission, the stance on an identifier may be changing.

“It is not necessary to have a single identifier and when identifiers are used, the strictest legal and technical safeguards must be applied,” a Commission spokesperson told Euractiv.

Meanwhile, the third organ of the European Union, the European Council, is currently being hosted by the Czech Republic, which is keen to push ahead with Europe’s digital agenda.

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometric sensors for road safety launched by Infineon, Rheinmetall Dermalog

Infineon Technologies and Rheinmetall Dermalog Sensortec have each introduced biometric identification and authentication tools, one based on fingerprints and other…

 

New tools, Authenticate presentations coax hesitant businesses to adopt passkeys

The FIDO Alliance has launched a pair of tools at its Authenticate 2024 event online and in Carlsbad, California, Passkey…

 

How to get passkeys working for a billion Microsoft users and beyond

The FIDO Alliance has kicked off the Authenticate 2024 conference with a campaign urging people to “free yourself with passkeys,”…

 

French regulator releases technical reference on age verification for porn

France’s Regulatory Authority for Audiovisual and Digital Communication, Arcom, has published its Technical Reference on Age Verification for the Protection…

 

EU’s EES delay welcomed as an opportunity to test biometric efficiency

The implementation of the European Union’s biometric Entry/Exit System (EES), designed to tighten border security and streamline the tracking of…

 

De La Rue exits authentication business with $393M acquisition by Crane NXT

Crane NXT, a micro-optics and security systems manufacturer based in the United States, has announced the acquisition of De La…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events