By Lokke Moerel, Senior Of Counsel, Morrison & Foerster (Brussels)
Europe is one of the most digitalized societies in the world, and this has only been accelerated by the COVID‑19 pandemic. Within no time, people started working from home and children were being schooled online. According to a 2020 report by McKinsey, the pandemic accelerated digital adoption by seven years. However, as we become increasingly digitized, the vulnerabilities that come with the changes also increase.
2020 saw a 70% increase in internet-related crime, including COVID‑19 scams, and a 150% increase in ransomware attacks exploiting work-from-home technologies. The rapid shift away from physical transactions accelerated the demand for trusted digital identities and also triggered new demands such as cross-border use capabilities, use in the physical world, and privacy friendly features such as sharing only specific attributes and entitlements, like identifying as a pensioner or student, having a driver’s license, or being older than 18.
The European Commission has recognized the new demands and has proposed a modernized EU regulation for electronic identity, introducing digital ID wallets. Where media and commentators focus on changes required by the Digital Services Act and the Digital Markets Act, the new digital identity regulation will likely have the biggest impact on current digital business models. The European digital ID wallets will likely become a new intermediary function in the digital ecosystem and disrupt the gatekeeper function of current digital platforms as well as their ability to collect and combine data of their users.
European “single market for data”
The EU Strategy for Data aims to establish a European single market for data by opening up access to data assets and driving data sharing in open digital ecosystems across the entire European economy. The single market will facilitate data also to be exchanged across sectors in a way that fits European values of self-determination, privacy, transparency, security, and fair competition.
The centerpiece of the data strategy is the concept of European data spaces, which bring together the EU data of nine defined clusters of organizations with common interests (e.g., financial, health care, and government) so the scale of data required for AI-driven innovation for the clusters can be achieved. The design of the data spaces will be based on full interoperability of the data exchange infrastructure and data sovereignty, whereby users will be provided with the tools to make decisions about data sharing and access.
With these measures, the EU intends to flip the current digital business models. The actual parties that generate the data will regain control, as a result whereof the current digital platforms will no longer be able to lock in the data of their users in their ecosystems. This strategy also fits the Data Governance Act, opening up public data for innovation through independent intermediaries. Where data spaces require many-to-many interactions, digital identity solutions and consent dashboards will become an inherent part of the design of any data exchange.
EU digital ID wallets
The modernized framework for a European digital identity is based on self-sovereignty of European citizens. Member states will now have to offer citizens and businesses at least one digital ID wallet, which is stored as an app on smartphones and enables EU citizens to authenticate and access online services across the EU.
Digital ID wallets will be issued by a member state or by a private entity (after the wallet is certified by accredited bodies designated by the member state). The wallet will enable citizens to do more than simply prove their identity; it will also store proof of other personal attributes and credentials, such as education certificates, birth certificate, and bank cards, and further enable citizens to digitally sign documents with a qualified electronic signature (which is a higher level of identity proofing and security and is well suited for banking transactions).
This will be a big change. For example, when renting a car, individuals will be able to prove they have a driver’s license by sharing the attribute “in possession of a driver’s license” from their digital ID wallet without having to actually provide a physical copy of the license. At the moment, citizens still have to log in for each and every digital service with the vulnerable system of a user name combined with a password and manually enter and disclose their personal data. To simplify the login process, many websites currently offer individuals the option to authenticate their identities via their account credentials from one of the major digital platforms. This creates large concentrations of both business and personal data on these platforms, which has a direct impact on citizens’ privacy and digital sovereignty.
Under the new digital identity regulation, large digital platforms will be required to accept the use of digital ID wallets as well as all service providers that offer services that require strong customer authentication (SCA). The new regulation further restricts the sharing of personal data to what is strictly necessary for the provision of the service, precludes the issuer of the wallet from collecting information on the use of the wallet, and prevents the issuer from combining personal data in the wallet with any other personal data in its possession, “unless the citizen expressly requested it.”
When data sharing across industries (“multi to multi markets” ) becomes the norm, digital ID wallets will become a new intermediary function in the ecosystem, potentially disrupting current platforms, as these platforms once did to others. Not surprisingly, some global technology companies are developing self-sovereign wallet functionality, which may well meet EU requirements. These wallets are expected to become their next big revenue source, even more so than their payment solutions.
Although the restrictions described above for issuers of wallets as to collection and combining of data may at face value seem detrimental to issuers’ digital business models, that is not actually the case. Where many market players have to accept the digital ID wallet for authentication, being the party offering the digital ID wallet actually creates a channel to request users’ consents in the first place and preserve customer contact strategy and relevance. Offering digital ID wallets then becomes a competitive advantage in and of itself.
The post The disruptive impact of EU digital ID wallets appeared first on Cybersecurity Insiders.
May 30, 2022 at 04:08AM
0 comments:
Post a Comment