European Digital Identity: Permanent personal identification number is off the table!

Representatives of the EU Parliament and the Council of the European Union reached a political agreement on the core elements of a new framework for a European digital identity (eID) in the early hours of yesterday morning. 

The requirement that member states assign a lifelong unique personal identification number to each citizen, which had been opposed by Pirate Party MEPs in several committees, was completely removed from the draft. The Pirates were also able to prevent the mandatory acceptance of state browser certificates, but rejections due to insufficient security will need to be justified. The details of the agreements will now be negotiated in further technical meetings and will probably be finalised in another trialogue under the Spanish Presidency in autumn.

Pirate Party MEP Patrick Breyer, who negotiated the bill in the co-advisory Committee on Civil Liberties (LIBE), comments:

“We successfully prevented the allocation of a unique, permanent personal identification number that could have been used to comprehensively record and monitor our lives. Instead of a uniform personal identification number, different user numbers can be assigned from one service to another in the future. This must now be be made clear in the wording of the legislation.

Nevertheless, there is a great danger that the planned ‘digital identity’ will gradually displace the anonymity on the internet that protects us from profiling and identity theft. We have not been able to enforce the right to use services without electronic identification or authentication. Those who register with social media via their eID wallet out of convenience will therefore sacrifice their anonymity.

Many details are still unresolved. In the further negotiations, we Pirates will push for the sensitive data of citizens in their digital wallets to be stored exclusively in a decentralised manner on their own devices – unless they opt for centralised storage. Decentralised data storage protects our data from mass hacks and identity theft. We also demand guarantees that non-users of the theoretically voluntary eID system must not suffer any disadvantages and can use alternative identification or authentication methods.“

Pirate Party MEP Mikuláš Peksa, who sits at the negotiating table for the Committee on Industry, Research, and Energy (ITRE), comments: 

“Yesterday, we made a significant shift in the design of eIDAS 2.0, which will be privacy-conscious and provide users with a user-friendly electronic wallet for all kinds of IDs and certifications. We already know that e-signatures will be free for individuals, and in the draft, we have finally eliminated unique persistent identifiers that could facilitate snooping. However, there is still a lot of work to be done. Nonetheless, this stands as a nice victory of reason, for the time being.”

Background: In the course of the so-called EIDAS reform, the planned “European Digital Identity” is to give EU citizens access to public and private digital services and enable online payments. The Federal Ministry of the Interior mentions the opening of a bank account, the registration of SIM cards, the digital storage of driving licences and the storage of digital prescriptions, but also the identification for mail or social media accounts.