Home Wallet Is the digital identity wallet safe?

Is the digital identity wallet safe?

Is the digital identity wallet safe? cover

While the digital world offers unmatched convenience, from online shopping to banking and social networking, it can also expose individuals to significant risks. It’s therefore no surprise that fear of digital threats, such as hacking or the invasion of privacy, has made many people hesitant to share personal information, conduct financial transactions, or fully embrace new technologies.

With the arrival of eIDAS 2.0, all EU citizens will soon be able to use a digital identity wallet to prove their identity to securely access government portals, make safer purchases and ensure control over their medical data – and much more.

With the move from a physical to a digital wallet, questions and doubts arise about the storing of personal data on your phone. Is the digital identity wallet a safer option than your physical passport or wallet?

Keeping control of your data and privacy

eIDAS 2.0, or Electronic Identification and Trust Services, is a European Union regulation that aims to ensure secure and reliable electronic identification and trust services across the EU. With the European Digital Identity (EUDI) Wallet, a key pillar of eIDAS, all EU citizens will be able to store digital versions of important documents safely, putting you in control of your own data and privacy.

What does that mean?

eIDAS 2.0 focuses on decentralized identity. This puts the user central, by allowing them to centrally collect and store credentials and use them for identification and authentication. Verifiers can verify the validity of the user’s credentials without the issuers knowing or tracking the users: the user is the linking pin between the two parties, which eliminates the need for a third, external party.

What’s more, with the digital identity wallet, you will never share more information than absolutely necessary. Proving your date of birth? A verifier will not need access to your full name, citizen service number, or anything else. Applying for a house? The agency won’t need to see your name – hereby even eliminating possible discrimination issues.

A work in progress

eIDAS 2.0 has built its framework around these concerns of digital threats. However, this development of the framework and the subsequent EUDI Wallet is still very much ongoing, with many questions to be answered and decisions to be taken.

For example, what happens with our data? In eIDAS 2.0, authentic sources play an important role. An authentic source is the organization that owns ‘the truth’ about someone or something, such as a government database like the Chamber of Commerce. Authentic sources can be public or private organizations or systems: they can basically be any organization that holds information (attributes) about you. These can be attributes such as your address or your age, but also things such as diplomas, licenses, or mortgage documents.

Preview EUDI Wallet
While the technology is still evolving, this video gives a preview of how the EUDI Wallet might look and function:

Where does eIDAS 2.0 meet the GDPR?

These authentic sources have a lot of work to do to prepare their databases to become compatible with the EUDI Wallet. In doing so, they will need to adhere to the eIDAS 2.0 framework, but also to the GDPR. The EU General Data Protection Regulation, converted to the Algemene Verordening Gegevensbescherming (AVG) in the Netherlands, has three goals. It aims to protect the rights of users in regards to their data, ensure that data privacy laws keep up with the ever-changing landscape of technology, and create unified and consistent legislation across the EU.

In a way, the EUDI Wallet follows in the footsteps of the GDPR, by prioritizing privacy. It mainly does so by significantly reducing the liability of the authentic source, also known as the ‘data processor’ in the GDPR. When a user, or ‘data controller’, downloads their personal data into the EUDI Wallet, the authentic source does not need additional information about the user: there is full certainty about the identity of that user.

While the roles of data controller and data processor might be switched up a little in eIDAS 2.0, both regulations prioritize privacy, meaning there is no conflict between the two.

Is the technology ready?

The EUDI Wallet is an ambitious project, which brings a second concern into play: is the technology ready?

While every citizen in the European Union will soon have the right to have access to a digital wallet, the technology and standards required for this wallet are still under development. Although there are a few things already in place, such as the W3C verifiable credentials, most implementations are still being worked on – and none of them are being developed at a large scale.

This means that the main challenge lies in achieving interoperability across various standards, protocols, and wallet platforms. Ensuring seamless service compatibility and allowing users to transfer data between wallets will be the critical hurdles to overcome.

Currently, each EU government has an important choice to make regarding the development of the wallet. How do we develop our wallet? There are three options: the government develops their own wallet, they do so in collaboration with a private party, or they fully outsource the development to a private party. Considering the expertise that the private sector holds, one of the two latter options might be the most realistic one.

Remote Secure Element: the game changer

The decentralized nature of the EUDI Wallet keeps data safe, as it ensures that users remain in control of their own data. But how about the protection of the Wallet itself? Ubiqu offers an innovative technological solution for this problem.

The EUDI Wallet contains a cryptographic token that is linked to an identity. Ubiqu has created the patented Remote Secure Element (RSE), which allows users to store this cryptographic token in a dedicated hardware element in a secure data warehouse. This token is then only accessible via the mobile phone of the user, allowing them to have the strongest possible identity, without the hassle of having to carry it around. This RSE is a game changer – making identity fraud something of the past.

A secure digital identity

With eIDAS 2.0, you will soon be able to securely prove your identity with your mobile phone, just like your physical passport. Our Remote Secure Element, together with you as the owner of your data, will ensure you will be able to use the EUDI Wallet with confidence – both nationally and across EU borders.

While many questions yet remain unanswered, the eIDAS 2.0 framework makes sure that they will be resolved in a way that is secure, efficient, and puts the user central – making sure that you will soon be able to head to the airport in a carefree manner, leaving your physical passport at home.