As 2023 continues, the European Commission appears busy developing and running pilots for its EU Digital Identity Wallet (EUDI), which it intends to make available to all EU citizens in the near future. But while the European Commission (EC) boasts the prospective EUDI’s convenience, security, and wide range of prospective use cases in daily life, what’s less discussed is the tool’s potential for a bevy of ethical and surveillance-related issues.
What is the EU Digital Identity Wallet (EUDI)?
EU Digital Identity Wallets are personal digital wallets allowing citizens to digitally identify themselves, store and manage identity data and official documents in electronic format. These may include a driving licence, medical prescriptions or education qualifications.
As legislation streamlining their slated use across Europe is finalized, the European Commission is advancing its efforts to roll out EUDIs amongst the general European public, where over 250 private corporations and public authorities are participating in four large-scale pilot projects. At the time of writing, the EU has invested €46 million into these pilots.
Indeed, a wide range of use cases are already being tested in the EUDI pilot projects. These include using the wallets to access government services, register, and activate SIM cards for mobile network services, sign contracts, facilitate travel, and present educational credentials. All together, these use cases suggest the Digital Identity Wallets’ prospective utilization across a wide range of services essential to daily life.
Convenience, But for Whom?
The European Commission frequently plays up the digital wallet’s convenience, with messaging boasting that users will be able to use the Wallets to check into hotels, file tax returns, rent cars, and securely open bank accounts. European Commission President Ursula von der Leyen highlighted the following in a 2020 State of the Union address, where she proposed the concept of a “secure European e-identity:”
Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data is used and how.
Certainly, von der Leyen is correct that “we have no idea what happens to our data” when we create online accounts or log in to private services, positing that Digital ID can work to solve a core problem many people have when using the internet.
But critically, the European “e-identity,” and digital identification methods generally, pose a bevy of new issues for civilians in both the short and long term. Namely, while Digital ID can provide users access to services, a 2018 WEF report on Digital ID admits the tool’s propensity to exclude; “[f]or individuals, [verifiable IDs] open up (or close off) the digital world, with its jobs, political activities, education, financial services, healthcare and more.”
And indeed, within the control of a corrupted state or other governance structures, Digital ID’s propensity to “close off” the digital world appears ripe for misuse or abuse. Researcher Eve Hayes de Kalaf, for example, writes in the Conversation that “states can weaponise internationally sponsored ID systems” against vulnerable populations. She highlights an example from the Dominican Republic, where long-term discrimination against Haitian-descended persons manifested in the stripping of their Dominican nationality in 2013, rendering them stateless.
Meanwhile, it’s not difficult to imagine others falling through the digital “cracks” as Digital ID systems become mainstream and interconnected with, if not a prerequisite for, accessing critical social and financial services and supports.
As Jeremy Loffredo and Max Blumenthal elucidate in 2021 reporting for the Grayzone, for example, the 2017 introduction of Aadhaar, India’s biometric ID system, “which tracks users’ movements between cities,” led to a spate of deaths in rural India as difficulties accessing the Aadhaar system functionally blocked goods and benefits recipients from accessing the country’s ration stores, leaving them to even starve. India’s Scroll reported that, in a random sampling of 18 villages in India where biometric authentication had been mandated to access government-subsidized food rations, 37 percent of cardholders were unable to obtain their rations.
Despite the devastation it has caused, Aadhaar has ultimately been promoted as a success, and Rest of World reports that India’s setting up international partnerships to export its popular Unified Payments Interface (UPI), an instant payment system which uses the Aadhaar biometric ID system as its base, elsewhere.
Clearly, Digital ID poses significant possible societal harms if implemented hastily. Despite these possible harms, as I note for Unlimited Hangout, a near-universal adoption of Digital ID systems increasingly appears inevitable, with “Juniper Research [estimating] that governments will have issued about 5 billion digital ID credentials by 2024, and a 2019 Goode Intelligence report [suggesting] digital identity and verification will be a $15 billion market by 2024.”
Further, legislative strides have been made towards the digital wallet’s interoperability across the EU. In other words, key services are being hyper-centralized across borders and digitized in ways more traceable than paper counterparts could have been — all at the authorities’ fingertips.
Critically, the EUDI Wallet is apparently slated to connect with or otherwise include financial services, where EU citizens will be able to use their EUDI to open bank accounts and even apply for loans. Further, language from a European Central Bank policy brief on the European Digital Identity Framework suggests that the “EUDI wallet will bring benefits to all the stakeholders of the payment ecosystem” even including “foreseen support for the digital euro.”
While the European Commission’s keen to spotlight the EUDI’s alleged benefits for “the stakeholders of the payment ecosystem,” it appears less eager to discuss the dangers surrounding the plausible, if not likely, linkage of digital identity with money, and especially digital currencies, where elite capacities to track, or even manipulate or block civilians’ abilities to accept or make payments, could be unprecedented.
In short, EU Digital Identity Wallets are slated to be convenient for everyday civilian use. At the same time, these wallets, and other adjacent digital ID systems budding elsewhere, could also be convenient for governments and governance structures looking to surveil, monitor or otherwise manipulate or control critical aspects of citizens’ lives en masse.
The DIIA Connection
Despite its lack of EU member status and war on its hands to boot, Ukraine is involved in the EU Digital Wallet pilots. Namely, as I reported on my Substack, DIIA, Ukraine’s hyper-centralized state-in-a-smartphone app, is assisting the EU Digital Wallet’s rollout. In fact, Ukrainian Minister of Digital Transformation Mykhailo Fedorov highlighted in a Telegram post from July that DIIA representatives had even showed off the DIIA app’s capabilities at the POTENTIAL (Pilots for European Digital Identity Wallet) Consortium this summer.
Notably, many of the EU Digital Wallet’s use cases being tested in the pilots are already reality with Ukraine’s DIIA app. Indeed, Ukrainians use DIIA for a range of day-to-day activities, including to verify their identities to use banking services, hold a variety of digital IDs (such as drivers’ licenses and biometric passports) and even pay certain taxes and access social services for families. Ukraine’s Ministry of Digital Transformation has emphasized its intention to make all public services available online: DIIA is to be the “one-stop-shop” for these services.
And, as I’ve mentioned before in previous reporting for my Substack and Unlimited Hangout, DIIA’s scope creep continues as conflict deepens, with the app providing war-adjacent services. Ukrainian civilians affected by war have received stipends through the app, for example, and can also verify their identities through DIIA to sign into e-Vorog (“e-enemy”), a chatbot that allows Ukrainian citizens to report information about Russian military whereabouts to the state.
All together, these conditions suggest DIIA may serve as a kind of blueprint for or precursor to Europe’s adjacent Digital Wallet, where the EU Digital Wallet, already a centralized application slated to assist citizens in a number of critical day-to-day services, could take on a growing number of government services across the European Union. While it remains to be seen what happens with the Digital Wallet rollouts in Europe, the wallet’s EU-wide implementation and smartphone app format, where features can be easily introduced, removed, or edited at will, means that scope creep on a comparable scale cannot be ruled out.
Many people are understandably interested in digital documents and other easy ways to access public services and complete tasks in a digital age. But these services and tools, when facilitated by states and adjacent governance structures, and unaccountable members of the private sector, come with significant ethical and surveillance concerns that should be extensively discussed and debated by the public. In this respect, it appears the prospective EU Digital Identity Wallet is no exception.
But debate or not, Digital Wallet pilot rollouts and EU member states’ respective Digital ID adoption is ongoing, with an EC press statement explaining that “everyone will have a right to have an EU Digital Identity” accepted in all EU Member States.
And while the European Commission communicates “there will be no obligation” to use an EU Digital ID Wallet, EC report Communication 2030 Digital Compass: The European Way for the Digital Decade elucidates that a 2030 target for the EU is for 80 percent of citizens to use an “electronic identification solution.” Ultimately, the mixed messaging leaves room for speculation that, even if Digital IDs are not obligatory when introduced, the general population could somehow be nudged or eventually even mandated into adopting Digital IDs to access key public services.
While Digital ID proponents emphasize the tools’ capacity for convenience and security in an increasingly online world, the ethical and privacy issues I’ve highlighted here signal that, if rolled out hastily, the EU Digital Identity Wallets could ultimately have disastrous and lasting consequences for privacy and civil liberties. And, once implemented, it seems Digital IDs could be difficult to roll back even if unpopular, ultimately nudging people into a technocratic nightmare they cannot easily escape.
In short, the dangers posed by emerging Digital ID systems like the EUDI Wallet cannot be discounted as Europe grows into its “digital decade.”