CSC

In CSC’s view, the idea of moving from rigid digital identities towards provision of specific attributes related to those identities is functional and responds best to what is expected of electronic identity solutions nowadays. This approach is particularly welcome as it allows for targeted sharing of identity data depending on what attributes are required for each transaction. The users’ freedom to choose what data to share with whom increases their control over their own identity data in line with the MyData and Data Sovereignty principles. At the same time, users will have greater responsibility for their own data and must be supported in making informed decisions about sharing their data.

The new European Digital Identity framework implies significant legislative and technical changes at Member State level, especially due to the ambitious requirement for the new Digital Identity Wallets to meet the requirements of assurance level “high”, which may prove particularly challenging for mobile applications. Such changes will require appropriate change leadership and resourcing as well as time. This must be taken into account when setting the objectives and deadlines for the implementation of the new framework.

CSC is pleased to note that the proposal pays due attention to consistency with other Union policies, especially the General Data Protection Regulation. However, certain aspects of the interplay of the EUid Regulation with the GDPR require clarification, in particular the question of who is the data controller of the attributes in the users’ wallets. If the data controller is the organisation that manages the authentic source and has written the attribute to the wallet, a number of questions arise concerning, for instance, the legal grounds (GDPR Article 6) for release of the attribute, ensuring minimal disclosure (GDPR Article 5.1.(c)) and the possible liability of the data controller for misconduct (e.g. poor information security practices) of the relying service.

In addition to being consistent with other Union policies, the new legislative framework must take into account existing solutions in its own field, including the ones developed in the private sector. In general, further cooperation between the public and the private sector must be promoted and innovation in both sectors encouraged. It is also important to ensure interoperability both between the solutions developed by different Member States and between the public and the private sector. Interoperability is a key prerequisite in developing well-functioning and user-centric Pan-European digital frameworks.

The proposal pays due attention to ensuring interoperability but leaves the details for Member States to agree in the form of a Toolbox defining the technical architecture, standards and guidelines of the framework. The Toolbox will be crucial for ensuring uniform implementation across the Union and must therefore be prepared carefully. Preparation must include all relevant stakeholders and be allowed sufficient time, most likely requiring a revision of the timeline foreseen in the Toolbox Recommendation. The results of the Toolbox work must also be evaluated when reviewing the Regulation (Art. 49) and, if need be, included in the revised Regulation to make them legally binding.