This commit is contained in:
@@ -0,0 +1,76 @@
|
||||
---
|
||||
title: "The EU wallet arrives before its privacy does"
|
||||
description: "Europe's identity wallet is real, useful, optional—and racing toward a privacy problem that selective disclosure does not solve."
|
||||
published: 2026-07-14
|
||||
editorialOrder: 1
|
||||
reviewed: 2026-07-14
|
||||
author: "Ana"
|
||||
maintainers: ["Ana"]
|
||||
status: developing
|
||||
featured: true
|
||||
homepage: true
|
||||
section: "Identity / Now"
|
||||
frontTone: paper
|
||||
draft: false
|
||||
tags: ["eudi", "digital-identity", "privacy", "europe"]
|
||||
image: "https://images.unsplash.com/photo-1691256676376-357c3aa66c89?auto=format&fit=crop&w=1800&q=82"
|
||||
imageAlt: "A hand holding a smartphone with a blank screen"
|
||||
imageCredit: "personalgraphic.com"
|
||||
imageCreditUrl: "https://unsplash.com/photos/a-person-holding-a-phone-in-their-hand-u1b6E6IkSGQ"
|
||||
trustPattern:
|
||||
claim: "A wallet can let Europeans prove facts without routinely handing over an entire identity document."
|
||||
trusted: "Users must trust national wallet providers, credential issuers, relying parties, device security, certification, and the rules connecting them."
|
||||
failure: "Selective disclosure can reduce what one verifier sees while still leaving repeated presentations linkable across time or services."
|
||||
---
|
||||
|
||||
By the end of 2026, every EU member state is supposed to offer at least one European Digital Identity Wallet. That sentence used to sound like a policy aspiration. It now describes software, implementing regulations, certification work, six large-scale pilots, and a deadline.
|
||||
|
||||
The wallet is intended to hold more than a digital passport. A person may use it to present a driving licence, a diploma, a professional qualification, a bank-related credential, or a proof of age. Its use is legally optional. The application components installed on a user's device must be open-source licensed. Relying parties that are required to identify customers will in many cases have to accept it.
|
||||
|
||||
This is not nothing. Today, proving that you are over eighteen can mean showing a stranger a document containing your name, photograph, date of birth, nationality and document number. A well-designed wallet can answer the narrower question instead: **yes, this person is over eighteen**.
|
||||
|
||||
The European Commission calls this user control. The phrase is deserved, but incomplete.
|
||||
|
||||
## Four parties, not one wallet
|
||||
|
||||
The friendly picture is a phone containing your credentials. The working system has at least four kinds of actor:
|
||||
|
||||
1. the person using the wallet;
|
||||
2. an issuer that signs a fact about them;
|
||||
3. a relying party that asks to see it;
|
||||
4. a scheme authority that decides which wallets, issuers and relying parties count.
|
||||
|
||||
Then come the phone maker, operating system, secure hardware, wallet provider, certification bodies, national registries, revocation services and whatever recovery process appears when the phone is lost.
|
||||
|
||||
The wallet moves some data and decisions toward the user. It does not remove the surrounding government and commercial trust system. It gives that system a new interface.
|
||||
|
||||
## Disclosure is not unlinkability
|
||||
|
||||
The urgent issue is not whether a credential can hide unnecessary fields. The technical formats can do that. The harder question is whether two presentations can be recognised as coming from the same person.
|
||||
|
||||
In its 2025 technical analysis, the European Data Protection Supervisor distinguished **selective disclosure** from **unlinkability**. Commonly deployed credential formats can reveal only selected attributes while retaining values or signatures that let a relying party recognise repeat visits. Colluding parties may gain more. Anonymous-credential and zero-knowledge systems can do better, but they bring different implementation and revocation costs.
|
||||
|
||||
This is not an argument to cancel the wallet. Paper documents overshare. Passwords are miserable. "Sign in with Google" is hardly a sovereignty programme. A common European alternative could be genuinely useful.
|
||||
|
||||
It is an argument for asking the right acceptance question. Not: *does the wallet share less data than a passport scan?* It often will. Ask: *which parties can tell that two apparently minimal disclosures belong to the same person, and under what conditions?*
|
||||
|
||||
The distinction will determine whether the wallet becomes a privacy tool that happens to identify us, or an identity system that happens to disclose selectively.
|
||||
|
||||
## The practical test
|
||||
|
||||
Before installing a national wallet, a person should be able to answer five questions without reading a standards repository:
|
||||
|
||||
- What will a service receive when I approve this request?
|
||||
- Can this service recognise me next time?
|
||||
- Can the issuer learn where I used the credential?
|
||||
- What happens when I replace or lose my phone?
|
||||
- Can I use the service another way?
|
||||
|
||||
If the interface cannot answer those, "full control" is still a policy claim rather than a user property.
|
||||
|
||||
### Sources
|
||||
|
||||
- [European Commission: EUDI Regulation and end-of-2026 rollout](https://digital-strategy.ec.europa.eu/en/policies/eudi-regulation)
|
||||
- [Regulation (EU) 2024/1183](https://eur-lex.europa.eu/eli/reg/2024/1183/oj)
|
||||
- [European Data Protection Supervisor: Digital Identity Wallets](https://www.edps.europa.eu/data-protection/our-work/publications/techdispatch/2025-12-15-techdispatch-32025-digital-identity-wallets_en)
|
||||
- [Official Architecture and Reference Framework](https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework)
|
||||
Reference in New Issue
Block a user