• Gemalto is now part of the Thales Group, find out more.

Bringing eID to Europe: a question of privacy

​In our first piece, we looked at the fundamentals of eIDAS and its safeguards for sovereignty. But what about that all-important issue: privacy?
First published on March 19, 2015

 

In mid-2016, the Electronic Identification and Trust Services (eIDAS) will come into force, meaning all EU citizens will benefit from secure digital identities.

At their most optimistic, advocates of the eIDAS system believe it will solve two problems facing EU governments: the need to save money by streamlining the process of business, and the need to improve levels of trust in government. An EU-commissioned report published in 2013 found that fewer than one in four EU citizens "tend to trust" their national government and parliament. The number who trust the EU had also fallen from a high of 57% in 2007 to just 31%.

While ongoing economic problems explain most of that fall, in the larger OECD area, a recent study found that 40% of citizens no longer trust governments to protect their rights and privacy in the wake of revelations about internet surveillance in the US, UK, Canada, Australia and New Zealand by former National Security Agency contractor Edward Snowden. It's telling that in the document outlining the explicit aims of eIDAS, the word "trust" is repeated 13 times.

A vehicle for building trust
Professor Reinhard Posch, Chief Information Officer for the Austrian Federal Government, helped to draw up the eIDAS proposals. He says the EU can use eIDAS to prove it can be trusted with citizens' credentials by implementing identity technology with safeguards and oversight.

"It is about recognition of processes and technology of all member states," he says. "It is about eID, not about content. While storing data is an important issue, and while we will see to what extent security technologies, encryption especially, can enable broad use, eID does not store data nor address the storing of data.

"We need to get to a point where not using this, or not offering this, results in a shift of liability," he adds. "Services that allow higher risk by not offering eIDAS-compatible security should also have to take more responsibility for security breaches."

In other words, eIDAS will succeed if it is seen as an essential badge of personal security and financial reliability. And who can argue with that?

TAGGED IN identity and access; government; egovernment; mobile id; eid