European digital rights network EDRi is warning that the EU is rushing the rollout of its digital identification system in an increasingly undemocratic way, without properly addressing the issues of privacy, security, and safety, as the bloc is “chasing an unrealistic deadline.”
eID Wallet, regulated by the Electronic Identification, Authentication and Trust Services (eIDAS) rules, is close to getting implemented, but the EU is accused of choosing to move forward too quickly, without first ensuring that proper protections are in place.
EDRi member epicenter.works has been making these warnings for several years now, noting that eIDAS itself, adopted in April, mandates the main privacy and security protections, something the EU is nonetheless avoiding.
According to the organization, the safeguards that should be built into the Wallet won’t be there as the system is implemented, amid what seems like typical EU confusion, purposeful or otherwise. Namely, the EU Commission is said to be ignoring some eIDAS provisions adopted this year, choosing instead to stick to the version it proposed in 2021, and doing this over the heads of both the EU Parliament and the Council.
What makes something of this kind possible is a host of technical implementing acts, and it is in these acts that the Commission has been able to get its original regulation proposal to “reflect,” the digital rights group believes.
One of the implementing acts set for adoption on November 17 regards key safeguards “against the risk of over-identification and over-sharing of personal information – that is, the regulation of who may ask which information from users.”
But, a number of acts will have to be reopened within a year, making tax money another “victim” of the EU’s almost inexplicable rush to get eID Wallet up and running. Money will be wasted on a large scale, EDRi is warning.
“This essentially means tax money will be spent on a large-scale software project in the middle of which fundamental requirements are going to change (for example, for interoperability of the Wallet between member-states),” the network says.
The way to address the problems, according to EDRi, is for the EU to decide on a major change of course, i.e., give up on the fast implementation and instead opt to include all the personal data and other key protections in a way that will not “trade people’s safety and security for an unrealistically fast implementation of a tech tool that threatens our fundamental rights.”
Otherwise, EU member countries should “reject the draft implementing acts in their upcoming meeting in mid-October,” EDRi states.
