EU Commission proposes permanent digital ID through e-wallet system

The implementation of the regulation for a European electronic identity (EUid) based on digital wallets (e-wallets) continues to cause a stir. There was particular controversy between the EU member states and the Parliament regarding the obligation demanded by the EU Commission to design the planned electronic proof of identity (eID) as a lifelong personal identification number. The legislators ultimately decided against the concept of a "unique and permanent identifier" for online wallets. However, the Commission now wants to introduce its idea through the back door, with a legal act to implement the eIDAS Regulation.

According to Article 11a of the eIADS_Regulation, Member States should carry out unique identity comparisons of natural persons if the respective state relies on the electronic identity of such persons for cross-border services. According to the Commission's draft implementing provisions, however, private companies should also be allowed to access this sovereign centralized identity verification service.

This should not only be possible if user identification is prescribed by national or EU-wide law, but also explicitly in "know your customer" cases. In these cases, financial institutions are instructed to verify the identity of customers. The credit card group Visa, in particular, is pushing for relief here.

The Commission is thus crossing a red line and "blatantly overstepping its boundaries", criticized the Austrian civil rights organization Epicenter.works in a statement. The private sector has been expressly excluded from identity matching as defined by the regulation. A centralized system for identity matching with a unique and permanent personal identifier was generally not envisaged by the legislator. The Commission wants to inadmissibly extend Article 11 and disregard the political agreement. Epicenter.works therefore demands: "In order to maintain trust in the eIDAS ecosystem and the democratic process, these new provisions must be deleted immediately."

Personal identification number makes citizens transparent

Critics fear that information from many areas of life could be merged through the comparison of the lifelong identification number and that citizens could become transparent. No one should be able to centrally monitor the interactions of EUid users and link information from areas such as e-government, banking transactions, journeys on public transport or logins to social networks. Epicenter.works also finds it unpleasant that the Commission plans to include additional, optional data records for identity matching. This would virtually sabotage the identification process, unless all participants had stored the same optional data set.

Together with 14 other civil rights organizations such as European Digital Rights (EDRi) and the Electronic Frontier Foundation, Epicenter.works also criticizes the fact that the prescribed public register of parties using the EUid is inadequate. For example, the current provision does not provide for the possibility of listing all registered bodies. This means that consumer protectors, for example, cannot see how employers or companies are using the identities. This would allow Facebook, for example, to circumvent protective measures and demand all data from the wallet from European users. In addition, the Commission had already watered down the right to use pseudonyms with the first implementing acts. The situation has deteriorated further with the latest drafts.

(ds)