FB pixel

Will EU digital identity drop the unique identifier?

Will EU digital identity drop the unique identifier?
 

The European Commission may be changing its mind about its proposed requirement for all European Union member states to incorporate unique identifiers in digital IDs that become part of the bloc’s interoperable ID structure.

Proposals to remove the mandate are being considered by the committee overseeing legislative development, and a Commission spokesperson has told news outlet Euractiv that a single identifier is negotiable.

A persistent, or lifelong, unique identifier could be used to track individuals across any government database. While the first-look regulation on identity in 2014 was based on privacy by design, the Commission has added persistent identifiers for eIDAS 2.0, being developed.

Such a tracking device would be illegal in Austria and the Netherlands and unconstitutional in Germany, said Thomas Lohninger of the digital rights umbrella group European Digital Rights (EDRi), speaking at the Internet Privacy Engineering Network’s digital identity workshop. He called such identifiers “super cookies” and “outrageous.” Belgium is already using unique identifiers.

The European Parliament’s Committee on Industry, Research and Energy is leading the review of a draft report on proposals for a digital ID framework. The committee’s lead rapporteur, Romana Jerković, published suggested amendments with some notable changes.

Following is text proposed by the Commission in 2021 (emphasis shows proposed deletion):

“Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union law, to identify the user upon their request in those cases where identification of the user is required by law.”

Following are amendments (emphasis shows proposed addition):

In order to ensure interoperability of European Digital Identity Wallets, Member States shall provide a minimum set of person identification data, in conformity with national and Union law, which can unequivocally identify the user upon their request in those cases where identification of the user is required by law.”

Proposals have been inserted to show how an individual can be identified in another member state (the key aim of the entire endeavour) via the wallet. Pseudonyms and self-sovereign identity principles could be called on:

“When accessing public and private services cross-borders, authentication and identification of a user of the Wallet should be possible. The receiving Member States should be able to unequivocally identify the user upon their request in those cases where identification of the user is required by law. In order to ensure high-level of trust and security of personal data, different technical solutions should be considered, including the use or combination of various cryptographic techniques, such as cryptographically verifiable identifiers, unique user-generated digital pseudonyms, self-sovereign identities and domain specific identifiers using state of the art encryption technology.”

Another insertion to the draft introduces a “once only” approach to data-sharing nationally or internationally. This could control interaction with organizations without them tracking the individual:

“This Regulation should support the use of the ‘once only’ principle in order to reduce administrative burden, to support cross-border mobility of citizens and businesses, and to foster development of interoperable e-government services across the Union. The cross-border application of the ‘once only’ principle should result in citizens and businesses not having to supply the same data to public authorities more than once, and that it should also be possible to use those data at the request of the user for the purposes of completing cross-border online procedures.”

Over at the European Commission, the stance on an identifier may be changing.

“It is not necessary to have a single identifier and when identifiers are used, the strictest legal and technical safeguards must be applied,” a Commission spokesperson told Euractiv.

Meanwhile, the third organ of the European Union, the European Council, is currently being hosted by the Czech Republic, which is keen to push ahead with Europe’s digital agenda.

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

DHS awards SVIP contract to Procivis for decentralized identity software

Procivis AG, a subsidiary of Swiss institution Orell Füssli, has been awarded a tender through the U.S. Department of Homeland…

 

IDnow rides online betting wave from UEFA Euro Championship

IDnow is capitalizing on UEFA European Football Championship fever, registering over eight times more identity verification requests on sports betting…

 

Android 15 integrates biometric security across the board

In the latest Android 15 Beta 3 release, significant progress has been made in the area of biometric authentication. In…

 

Vote begins on biometric injection attack standard

Europe’s standard for biometric data injection attacks is on track to be published in October of this year, and could…

 

Police Scotland engages public on biometric data rights amid cloud storage concerns

Police Scotland has commenced the distribution of an information leaflet to all individuals in police custody who have their biometric…

 

‘Facial recognition is the easy part’: digital travel ID pilot results are in

Air travel has been getting more complicated. From security and passport checks to special documents such as COVID-19 certificates, passengers…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events