As digital identity solutions gain momentum across Europe, privacy advocates are raising urgent concerns over how much personal information users might unknowingly hand over, especially with the widespread introduction of EU Digital Identity (EUDI) Wallets on the horizon.
These new identity wallets, designed to offer individuals direct control over their own digital credentials, were a central topic at this year’s European Identity and Cloud Conference (EIC) in Berlin.
But behind the promise of autonomy lies a deeper problem: without robust systemic checks, individuals may find themselves sharing far more than they intended.
Henk Marsman, a principal consultant at SonicBee and researcher at the Delft University of Technology, warned that simply placing control in the hands of users doesn’t guarantee their privacy will be respected. The assumption that informed decisions are always rational ones is flawed, he explained, especially when design tricks and commercial incentives come into play.
“Even though I think I’m an autonomous being and I make informed decisions, I can be quite easily manipulated and influenced by nudging techniques, by dark patterns, or just by a five percent discount,” Marsman said at the conference, as reported by Biometric Update.
His research focuses on the psychological vulnerabilities that digital systems can exploit. According to Marsman, while the eIDAS regulation frames the wallet as a tool for user empowerment, offering protection from threats such as cybercrime and identity theft, it fails to adequately account for the social and behavioral dynamics at play.
“If the relying party wouldn’t ask too much, we wouldn’t have this risk,” Marsman said. “One of the challenges with relying parties is that they have a data-driven business model or at least some of them have, and that is the incentive to get more data off their users.”
Despite the wallet’s potential to enhance privacy through user-managed access, the system’s ambiguity about who defines and enforces limits leaves too much room for abuse.