Files
trust-issues/src/content/stories/eu-wallet-arrives-before-its-privacy-does.md
T
Compleet eaf9a614d9
validate / validate (push) Successful in 23s
Publish the first trust story collection
2026-07-14 13:58:14 +01:00

5.3 KiB

title, description, published, editorialOrder, reviewed, author, maintainers, status, featured, homepage, section, frontTone, draft, tags, image, imageAlt, imageCredit, imageCreditUrl, trustPattern
title description published editorialOrder reviewed author maintainers status featured homepage section frontTone draft tags image imageAlt imageCredit imageCreditUrl trustPattern
The EU wallet arrives before its privacy does Europe's identity wallet is real, useful, optional—and racing toward a privacy problem that selective disclosure does not solve. 2026-07-14 1 2026-07-14 Ana
Ana
developing true true Identity / Now paper false
eudi
digital-identity
privacy
europe
https://images.unsplash.com/photo-1691256676376-357c3aa66c89?auto=format&fit=crop&w=1800&q=82 A hand holding a smartphone with a blank screen personalgraphic.com https://unsplash.com/photos/a-person-holding-a-phone-in-their-hand-u1b6E6IkSGQ
claim trusted failure
A wallet can let Europeans prove facts without routinely handing over an entire identity document. Users must trust national wallet providers, credential issuers, relying parties, device security, certification, and the rules connecting them. Selective disclosure can reduce what one verifier sees while still leaving repeated presentations linkable across time or services.

By the end of 2026, every EU member state is supposed to offer at least one European Digital Identity Wallet. That sentence used to sound like a policy aspiration. It now describes software, implementing regulations, certification work, six large-scale pilots, and a deadline.

The wallet is intended to hold more than a digital passport. A person may use it to present a driving licence, a diploma, a professional qualification, a bank-related credential, or a proof of age. Its use is legally optional. The application components installed on a user's device must be open-source licensed. Relying parties that are required to identify customers will in many cases have to accept it.

This is not nothing. Today, proving that you are over eighteen can mean showing a stranger a document containing your name, photograph, date of birth, nationality and document number. A well-designed wallet can answer the narrower question instead: yes, this person is over eighteen.

The European Commission calls this user control. The phrase is deserved, but incomplete.

Four parties, not one wallet

The friendly picture is a phone containing your credentials. The working system has at least four kinds of actor:

  1. the person using the wallet;
  2. an issuer that signs a fact about them;
  3. a relying party that asks to see it;
  4. a scheme authority that decides which wallets, issuers and relying parties count.

Then come the phone maker, operating system, secure hardware, wallet provider, certification bodies, national registries, revocation services and whatever recovery process appears when the phone is lost.

The wallet moves some data and decisions toward the user. It does not remove the surrounding government and commercial trust system. It gives that system a new interface.

Disclosure is not unlinkability

The urgent issue is not whether a credential can hide unnecessary fields. The technical formats can do that. The harder question is whether two presentations can be recognised as coming from the same person.

In its 2025 technical analysis, the European Data Protection Supervisor distinguished selective disclosure from unlinkability. Commonly deployed credential formats can reveal only selected attributes while retaining values or signatures that let a relying party recognise repeat visits. Colluding parties may gain more. Anonymous-credential and zero-knowledge systems can do better, but they bring different implementation and revocation costs.

This is not an argument to cancel the wallet. Paper documents overshare. Passwords are miserable. "Sign in with Google" is hardly a sovereignty programme. A common European alternative could be genuinely useful.

It is an argument for asking the right acceptance question. Not: does the wallet share less data than a passport scan? It often will. Ask: which parties can tell that two apparently minimal disclosures belong to the same person, and under what conditions?

The distinction will determine whether the wallet becomes a privacy tool that happens to identify us, or an identity system that happens to disclose selectively.

The practical test

Before installing a national wallet, a person should be able to answer five questions without reading a standards repository:

  • What will a service receive when I approve this request?
  • Can this service recognise me next time?
  • Can the issuer learn where I used the credential?
  • What happens when I replace or lose my phone?
  • Can I use the service another way?

If the interface cannot answer those, "full control" is still a policy claim rather than a user property.

Sources