European Digital Identity - a new era for the protection of personal data

The European Digital Identity Wallet will be a mobile app issued by each EU Member State. It should allow EU citizens and residents to identify themselves online to access public and private online services across Europe.

The range of areas in which the portfolio can be used is extremely broad and covers virtually all important areas such as transport, energy, banking and financial services, healthcare and many others.

Every wallet user will be able to use online services, share digital documents such as a mobile driving licence or e-prescription, open bank accounts and make payments. It will also be possible to use a qualified electronic signature for non-professional purposes via the wallet.

Alongside all the possibilities that are provided for natural and legal persons, the Regulation also introduces conditions for web browser providers in relation to website authentication certificates, which will contain data on the identity of the domain owner. This innovation has been strongly opposed by web browser providers as it conflicts with other regulations, with even one of the largest providers flatly refusing to comply with these conditions.

It is also foreseen that providers of qualified certification services (e.g. companies offering electronic signature services) will be entitled to electronically verify the following data about the user:

• Address;
• Age;
• Gender;
• Marital status;
• Family composition;
• Nationality and citizenship;
• Educational qualifications, titles and licenses;
• Professional qualifications, titles and licences;
• Powers and authority to represent natural and juridical persons;
• Public authorisations and licences;
• For legal entities - financial and corporate data.

Of course, when providing this amount of information to an app, the question of data protection logically arises and how far the powers of the EU and Member States extend.

The recitals to the Regulation state that Member States should integrate different privacy-preserving technologies, such as zero-knowledge proof. Another example that is given is the implementation of such cryptographic methods that allow to confirm whether a declaration made through the wallet is true without revealing any data on which that declaration is based.

Undoubtedly, immediately before and after the introduction of such software in Member States, many legal and life cases will arise.

KGK Law Firm's team has many years of experience in the field of European regulations and personal data protection and is ready to assist you if you need advice on the matter.