The EDPS and EDPB has always been lucky with its trainees; this session has been no different, and it was a pleasure to welcome such bright and driven trainees to our offices over the last five months. This year, the trainees produced a three-part podcast about the EU Digital Identity Wallet as the closing project of their traineeship. This is a topic of high relevance especially when it comes to its data protection implications.
I therefore invite you to explore their podcast and all of the thought-provoking questions and discussions it contains, along with the following blogpost, summarising what the trainees have learnt from this experience.
Every traineeship session, the EDPS and EDPB trainees organise a conference as a final project to mark their time spent at the institution. This session, we decided to eschew the traditional conference format and instead produced a series of podcasts to explore a topic in great depth.
The COVID-19 pandemic has driven many things online (this conference included). It prompted a rethink of the best and safest way to provide services to people. In-person interactions dwindled, paper and ink replaced by emails and pdfs. While this movement towards online services has been generally beneficial, there are data protection problems that can be better addressed.
The European Commission therefore proposed a European Digital Identity Wallet (DIW) in June 2021. E-government capabilities vary between the EU’s member states, with the DIW being a concrete attempt to assist countries lacking in digital identity infrastructure.
The DIW is still on the horizon, which is why we chose to examine it closely and see what is currently on the table, what it may look like, what the risks are and what its potential future uses are. To tackle this initiative in all its complexity, we spoke to several experts from multiple fields over the course of three episodes.
In the first episode, we had to get to grips with the outline of the DIW proposal. To do so, we spoke to Viky Manaila, an international expert in the field of electronic signatures, digital identity and digital transformation processes, and Isabel Skierka, the program leader for technology policy and a researcher with the Digital Society Institute at the European School of Management and Technology in Berlin.
The crux of the Commission proposal is to create a Wallet, which will be available to all EU citizens and residents, along with businesses based in the EU. It would be usable not only for identity documents, but for all attestations, including those with sensitive personal data, such as health data-related documents. Through the DIW, citizens will be able to prove their identity and share information with the click of a button on their phone or another edge device. Furthermore, large online platforms and service providers will be required to accept the use of the DIW upon request of the user, creating an alternative to Apple and Google solutions. These Wallets work with digital IDs to hand control of data back to the individual by allowing them to hold their identity on their device and choose with whom they wish to share the data.
In the second episode, we applied a more critical lens to the project by looking at its impact on vulnerable individuals and those with low digital literacy. Thomas Lohninger, the Executive Director of the digital rights NGO epicenter.works in Vienna and the Vice-President of European Digital Rights, and Lina Jasmontaite, a PhD researcher from Vrije Universiteit Brussel on the interaction between new technologies and the rights of individuals, were our guides through this important topic.
The discussion touched upon several aspects to be considered, such as health, consumer behaviour, banking and insurance data, as well as suggestions for usage amelioration for people of vulnerable backgrounds. An important facet is the EU Commission's statement that EU DIW users should be able to make decisions for themselves about their online presence and interactions, meaning personal data transfers would require their explicit consent. However, in order to do so, EU DIW users must first be fully aware of how their data may be affected. As a result, people with low digital literacy are more at risk. Our experts advised that materials need to be designed and disseminated to assist people with understanding the DIW. There should also be the option for individuals to receive hands-on help to ensure that they know what they are signing up for.
The final episode covered a potential use case of the DIW, namely the digital Euro. We asked Prof. Dr. Philipp Sandner, head of the Frankfurt School Blockchain Center at the Frankfurt School of Finance & Management, about possible design features of digital currencies in general and in particular, what a digital Euro could look like and how this topic relates to the DIW.
Dr. Amandine Jambert, an IT specialist from the French data protection authority CNIL, explained the potential data protection implications of the use of a digital Euro in connection with the DIW. The topic is largely up for debate, because so far the European Central Bank, who would be responsible for the issuance of a digital currency, is still exploring different design features. Nothing is set in stone and no final decisions have been made, but the discussion is becoming more and more vibrant. This discussion can be added to the current lively discourse around the digital Euro.
In conclusion, the DIW is a step in the right direction and has therefore been broadly welcomed in the data protection community. However, those responsible for designing the final product will need to take into consideration the needs of all citizens, not just those with a solid understanding of technology. Furthermore, strong regulations will be required in advance of releasing the DIW to avoid potential abuses and data breaches.
The EDPS and EDPB trainees of October 2021
Irena Achilleos, Rogers Alunge Nnangsope, Daniel Herlihy, Marek Jessen, Joana Mota Peixinho, Paraskevi Nikolaidou, Rumer Ramsey, Christina-Aikaterini Sterianou Gazila, Angeliki Tiligadi.