The European Commission (EC) intends to introduce a digital ID card (e-ID). The app will be used instead of a national identity card, driver’s license or passport, and will be accepted throughout the European Union. Large web platforms with many European users will have to accept the e-ID card as a login method, much as today one can login to services using a Google or Facebook account.
The proposal was presented on Thursday by the Executive Vice President of the European Commission for a Europe Fit for the Digital Age, Margrethe Vestager, and the European Commissioner for Internal Market, Thierry Breton. The EU wants to start a test phase for the electronic ID card scheme at the end of 2022.
The proposal speaks of a digital wallet, which should serve as a digital ID card and as a digital storage for diplomas, marriage certificates, bank cards, or doctor’s prescriptions, for example. This should make it easier to prove a user’s identity and various things about them throughout the European Union.
“It’s basically the same as showing a paper document, but digitally,” said Vestager.
The EU already has regulations on electronic ID authentication systems (eIDAS), which entered into force in 2014. The e-ID intends to expand on that by addressing some of its limitations and inadequacies, such as poor uptake and lack of mobile support.
Some EU Member States already offer national electronic IDs, but there is a significant problem with interoperability across borders, the Commission explains. It noted that today, just 14% of key public service providers across all Member States allow cross-border authentication with an e-identity system, though it also added that cross-border authentications are rising.
“The European digital identity will enable us to do in any Member State as we do at home without any extra cost and fewer hurdles … This is a unique opportunity to take us all further into experiencing what it means to live in Europe, and to be European,” Vestager said.
She also emphasised that the app will be secure and transparent and that users can decide how much information they wish to share about themselves.
For example, someone who wants to order beer in a bar would only have to prove that she is old enough to drink alcohol in that country. The pub would not need to view other personal data if the user does not want this.
The Commission also highlighted that the e-ID would not be made mandatory.
Euro ID card login for “very large platforms”
The European Commission also wants to introduce the EU e-ID as a login method.
“For example, it should be possible to log in not with a Facebook or Google account but with your digital European ID profile,” Vestager said.
For the time being, the requirement to offer Euro ID login will apply to sites that have more than 45 million users in Europe (10 per cent of the EU population). In addition to Facebook and Google, many other social media platforms are also included.
This is meant to resist the expanding reach of tech giants like Google and Facebook, which have come under heavy scrutiny from the EU in recent times.
“Every time an app or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality,” said EU Commission President Ursula von der Leyen in a speech last September.
Instead of using one’s Facebook or Google profile to log in to other apps, the Commission is proposing a “secure European e-identity … A technology where we can control ourselves what data and how data is used.”
However, the Commission did not explain how it would convince or compel web browsers to integrate the e-ID, ensuring a streamlined integration. The press release merely stated that “very large platforms will be required to accept the use of European digital identity wallets upon request of the user.”
Another big question mark that needs to be added to the Commission’s proposal is the issue of data storage, and more importantly, data safeguarding. The storage of vast amounts of personal data could become a significant target for cybercriminals.
In a Q&A session, a Commission spokesperson pointed out that the proposal would provide for a high level of security.
“The Commission will propose and agree with Member States on standards, technical specifications and operational aspects to ensure the Member States’ Digital Identity Wallets have the highest security levels. Member States will certify their wallets to ensure they comply with these requirements. Any personal data will be shared online only if the citizen chooses to share that information.”
However, it did not give any further details on how it plans to implement and ensure the said level of security.
Despite the lack of detail, The Commission stated that lawmakers were laying out a roadmap for the e-ID. In parallel to the legislative process, the Commission said it would work with Member States and the private sector on technical aspects of the e-ID. Through the Digital Europe Programme, the Commission aims to support the implementation of the European Digital Identity framework.