Ensuring privacy and personal data protection


Gemalto believes that trust in the digital world would rely on each individual owning a secure device that can be used as a key, enabling either:

  • The use of personal identification components proving the individual’s identity to allow online access to all services enabling citizens to exercise their rights, fulfill their responsibilities, or carry out a transaction. .
  • The granting of consent online with regards to the content of a digital document, or the provision of formal agreement with regards to an event, which can be documented.
  • The encryption of a data file to make en exchange or conversation secure.

This device would be all the more widespread if easy to use. The secure device remains the technology of choice, but mobile phones, USB keys, NFC technology or any other device must also be considered, since they guarantee interoperability between the holder of the secure device and the server operating the transaction related to the digital exchange.

Trusted public third parties should be considered, operating according to European directives, and permanently guaranteeing the application of the principle of finality (I only have the right to query a data file if I am authorized to do so within the strict context of the authorized subject of my request), asking specific questions thanks to the principle of proportionality (I only receive the data I am interested in for the specific question which I am authorized to ask).Gemalto supports the addition of a provision authorizing anonymous authentication and identification within the eIDAS Regulation, in a bid to guarantee privacy protection in an eIDAS European system. This would allow suppliers of online services such as e-healthcare or online games to use a strong authentication system without revealing the first and last name of the user.

Gemalto’s proposal

emalto proposes to create a “Privacy by Design” label with the support of public authorities to generate the required trust. Gemalto actively supports the creation of such a label, which would be approved by relevant certification authorities, and displayed by online service suppliers. The SOGIS Mutual Agreement, 95/144/EC would complete this label by ensuring mutual recognition and a high level of security.

Gemalto also suggest to add data minimization, pseudo ID and anonymous authentication in the eIDAS Regulation, and urges European decision-makers to amend and adopt the eIDAS and Draft Data Protection Regulation in parallel, in order to ensure overall consistency of their provisions.