Thursday, October 1st, 2020

Personal Identity and the EU: Going Where eIDAS Takes Us

In a previous post we took a long look at eIDAS and its apparent understanding of personal identity. We found disturbing issues. Disturbing because eIDAS is national law in EU member states. Its concepts had better be compatible with reality.

The European Union is very much about creating a free flow of people, goods and services across borders. These days an increasing share of services are digital. Many public sector web services only serve their own nationals. eIDAS states that this limitation is an electronic barrier. If a barrier is electronic then, of course, the remedy must also be electronic. (Lawmakers don’t see the difference between electronic and digital.) So eIDAS proposes, and implements, an electronic trust infrastructure that spans all of the EU.

What if the obstacle is not an electronic barrier? In my opinion, what eIDAS calls a barrier is really a clash with basic facts. An electronic system cannot undo facts even if politicians mandate it.

As for personal identities, the following simple facts should be uncontroversial.

  • Every person has multiple identities, and
  • each identity has a scope within which it is relevant.

Yet eIDAS does not agree with the first item and does not consider the second item at all, the concept of scope. A personal identity may be 100% correct and specific, but it loses its relevance outside of its scope.

Commercial cross-border transactions is already a widespread reality. Examples of personal identities used in such transactions are phone number, credit card number, email address. Note that none of these identities is constrained by national borders.

Many countries have implemented a government-supported personal identity system. For instance, Sweden has a personal id number system which is used in all kinds of contexts, public and private sectors alike. Such personal identities have a clear scope: the national jurisdiction. A Swedish personal id number is very useful in Sweden, but loses its relevance outside Sweden.

What will politicians do when they discover that eIDAS does not achieve one of its key goals? My bet is that the importance of scope will dawn upon lawmakers. For a politician, if a limited scope is a problem, the obvious solution would be to widen the scope. In other words, expect a personal id system covering all of the EU. Not that such a solution would fare much better than the present, but I think the idea is irresistible to EU politicians.

eIDAS already has created new pools of personal data and cross-border flows of personal data within the EU. An all-EU personal identity concept most probably will cause extensive flows of personal information between member states. Most of it will happen out of sight of ordinary citizens. I am not at all comfortable with this prospect.

Comments are closed due to spam overload, but you may email blog AT soderstrom DOT se

Topics: Digital Signatures | Comments RSS

Comments are closed.