Greetings from Brussels!
As with all things trending to digital strategy in the EU, you may recall back in September 2020, EU member state leaders were keen to impress upon the European Commission the urgent need to develop an EU-wide public e-ID system to access cross-border digital services. The pandemic has only reinforced the priority of working towards a robust EU digital ecosystem, in tandem with the realization of a functioning level of interdependent autonomy and digital sovereignty.
The EU is now looking to accelerate its plans to create a digital wallet that would work in all 27 member states. On 3 June, the European Commission announced detailed plans over the digital ID wallet, which is intended to store identity, payment and password details to facilitate EU citizens' access to public, as well as private sector websites and services.
With the fever pitch surrounding the GDPR's implementation in May 2018, the entry into full force of the eIDAS regulation — as a key enabler of cross-border digital transaction — in September 2018 was understandably overlooked. Nonetheless, this GDPR-aligned piece of legislation is critical to how member states will recognize the electronic identification of users. In other words, one could say these two regulations are designed to protect user privacy while also making it convenient for citizens to transact across borders with their digital identity. A word that springs to mind is interoperability, and how to guarantee its viability across jurisdictions; no easy feat, I am sure. In the years leading up to September 2018, progress was made to create a uniform legal framework — and level playing field — to standardize digital identification and e-signatures, organizations to be transactional and expand the digital single market.
The trinity of data protection, application reliability and application security against external and nefarious threats will undoubtedly be the main three challenges for the EU. The voluntary EU-wide mobile app will rely on biometric authentication for access, using user fingerprints or retina/facial recognition for identity verification. Given the high level of personal data sensitivity that could be held in your own personal repository, the EU is planning a "structural separation" that would prevent companies from being able to gain access to an individual’s data for processing purposes beyond what is intended.
One of the more interesting aspects of the digital wallet as reported in the media is the possibility of uploading payment cards to the application. This could amount to an eventual competitive challenge to what is still a relatively closed and coveted market dominated by the likes of the Apple, Google, and Samsung pay platforms — although we are unsure whether users will be able to make direct purchases yet. However, it is plausible and arguably optimal for the EU app to be competitive. Having a single digital wallet for both a variety of official documents, as well as payment cards, will simplify transactions like renting a car, boarding a plane, or just purchasing tickets to a sporting or music event. This has to be the holy grail of digital, and the value proposition for widespread uptake.
In any event, privacy pros should keep an eye on this as it is very much a potential opportunity downstream for their respective organizations and customers, particularly those operating in the software space. It is predicted the eIDAS market for authentication, authorization and services will be worth more than 2.2 billion euros by next year. There will be plenty of challenges and a definite need for privacy pros in this space as it develops.