BY THE END of the year, many of your personal identity documents, such as your passport and driving licence, may live in a government-provided app on your phone.

There are plans to provide digital identification verification for all European Union citizens, which have been met with claims of a totalitarian takeover in some conspiracy theory groups, though the greater public are decidedly more indifferent.

What is the digital wallet plan that the European Commission promises will “simplify your life and protect your data”? And, of the objections to the EU digital ID, are there any worth paying attention to, or is all just hysteria?

To understand, we must understand what the digital ID is and what it sets out to do.

The Digital Wallet

The EU’s plans for a digital ID are part of what have been called EU Digital Identity Wallets.

For some people, these may be familiar already: apps like Samsung Wallet, Google Wallet and Apple Pay have some of the same functionality, including the ability to store IDs and other information.

These apps are often primarily known for storing bank card details, allowing users to pay by swiping their phone over card machines.

However, they also have the ability to store other documents too, like travel or concert tickets, transport passes, loyalty cards, gift cards, gym memberships and insurance details.

Some also say they can be used to store various forms of ID.

In practice, this usually means that you can generate a QR code to be scanned when entering a concert or going through a train station turnstile. Or that you can “tap” when paying at a card machine.

The EU wallets are a similar idea, but focus on verifying identification rather than bank cards.

The use cases outlined by the European Commission include driving licences, social services cards, academic credentials, professional affiliations, medicine prescriptions, visas and passports.

Much of the Commission’s rationale for the wallets involve protecting people’s data and privacy.

Here’s a somewhat long, EU-funded video outlining what these wallets hope to do:

These wallets will be rolled out and run by national governments before the end of the year, though some countries already have functional wallets with millions of users, as well as additional functions.

The Polish version, for example, allows users to look up a vehicle’s history, find polling stations and check local air quality.

Using these digital wallets means that you will be entrusting any sensitive data you put into it to the national government, rather than a corporation like Google or Apple — which could be a benefit or a drawback, depending on your worldview. 

The apps should also keep a record of all the personal data you have shared and who you shared it with, as well as allowing users to quickly ask anyone holding their information to delete it, and to report suspected illegal uses of data.

The wallets are also designed to allow users to share only as much information as is needed.

For example, they could be used to prove to a website that a person looking at it is over 18. But rather than sharing the full ID of the person, the app would only share the person’s age, leaving their name and date of birth private.

The European Commission also says that the apps will not profile you based on how you use them.

“The government will not track or record any data that is stored in the Digital Wallet,” an Irish government questions and answers page reads. “The user is the only person who can see their data, which is securely stored locally on their mobile phone.”

The commission’s site also makes a heap of promises about ensuring security for your data.

Multiple Irish legal commentators have noted that while the government will have an obligation to provide such a wallet for free to citizens by the end of the year, no one is obliged to use it. So, why would they?

The Commission sees this as a way to “simplify the lives of citizens and businesses; making data more secure and private”.

Notably, because every country’s wallet should be compatible with those of other countries, it should make things like accessing healthcare in other EU countries far simpler.

It is also hoped that, because the app is government-provided, it will be more trustworthy, meaning that it will be easier to verify your ID online, to open a bank account, say, even in cases where you want to limit the information you share.

So far, so not-very-controversial. What are the concerns?

Risks

Recently, remarks by a Dutch lawyer have spread widely on social media with captions like “Dutch Lawyer DESTROYS EU Digital ID Tyranny!!” and “Meike Terhorst just TORCHED the EU’s illegal Digital ID power grab in the European Parliament!”

The clip was taken at an event hosted by the small, far-right political group Europe of Sovereign Nations. It took place in the European Parliament buildings on 4 March. The speaker was not addressing the actual European Parliament itself.

“The digital ID will become a digital twin of you”, the lawyer Terhorst says in the clips shared on social media. “The European Union does not have the legal power to impose this ID system, because the EU is not a state or a country”.

Terhorst goes on to claim that uploading medical data means that you are no longer protected by doctor-client confidentiality, and that the government can use that data against you. She also rallied against more traditional conspiracy theory fodder: Covid vaccination cards, an alleged cartel of banks and big tech, trade agreements with Canada, and vaccine groups microchipping babies.

“The digital ID is implemented using censorship and propaganda,” the Dutch lawyer says.

While many of the claims featured in the clip are unverifiable, the story about babies being microchipped is a long-debunked falsehood shared in conspiracy theory circles.

However, the claims in the clip exemplify many of the objections to digital IDs shared on social media.

There are a few categories of objections people have raised to EU digital IDs.

Firstly, there are people who don’t like the idea simply because it is being introduced by the EU, which they dislike.

This is evident in some of the testimony given in the Europe of Sovereign Nations event, which talked about what they called the EU’s “dictatorial” powers, as well as in the clip of the lawyer, who talked about the EU not having the right to tell countries what to do.

Secondly, there are objections that aren’t specific to the digital ID itself, but raise concerns about other laws that they think will eventually be passed.

“Digital ID systems pushed by the WEF, UN and EU will rapidly shift from voluntary schemes into mandatory mechanisms of control resembling China’s social credit system” reads one post on X with more than 33,000 views.

The Chinese social credit system refers to a score assigned to people that can prevent them from travelling by train if they lower their score by committing infractions such as walking a dog without a leash or not paying taxes.

The Chinese State Taxation Administration has said that those with a low score should be made to “feel controlled, restless and frightened” to encourage better behaviour.

This system was also mentioned at the Europe of Sovereign Nations event.

The EU has no such plans for a social credit system, and it is unclear why the digital ID would be needed to emulate this in any case. You don’t need ID, digital or physical, to buy train tickets in Ireland. 

One of the most common claims is that the IDs will be needed to access certain websites.

If, for example, stricter age restrictions are brought in, the digital IDs very well could be used as verification. But, again, it’s unclear why digital IDs specifically would be central to this claim. Similar plans were floated by Minister for Media Patrick O’Donovan last year, though using the already existent MyGovID cards. 

UK laws already in force around accessing internet pornography require users to prove they are of legal age to do so.

However, rather than a digital ID, people are required to use photos of their actual identification documents, such as passports, and selfies taken on their devices to ensure compliance.

That system has given rise to significant privacy and data concerns.

Other claims in this category say that the digital wallets will become mandatory (Irish legal experts say that this is not how the law reads), or that, despite the EU legal assurances, it will be used to track people.

If the EU Parliament did suddenly change course and vote to change the law so that trackable  digital IDs become amndatory, that would indeed be concerning. But that is a very different prospect to that of the digital wallet alone.

A third category of concerns can be grouped under people worrying “what if something goes wrong?”

While vague, this perspective raises concerns that digital wallets could contain sensitive data, and that they should therefore be safe. But will that be ensured?

Safeguards

The Commission has released extensive material on the legal and technical safeguards for the wallets. The problem is, the overview include diagrams like this:

Via Eudi.dev/latest/architecture-and-reference-framework-main/

It is, in a word, complex.

The EU says the wallets will have to comply with digital security and privacy standards. However, recent controversies may give people reason to be sceptical about this.

The HSE hack in 2021 saw confidential medical information stolen from Irish patients and released online after a group believed to be Russian cybercriminals infected Department of Health systems with a computer virus.

The HSE claimed that the hackers exploited a “zero day threat”, meaning that even being security compliant would not have meant they could protect against this unforeseen attack.

But even disregarding cybercriminals, the Irish government itself has an imperfect track record when it comes to the protection of privacy.

Last year, Ireland’s the Data Protection Commission fined the Department of Social Protection €550,000 following a major investigation into its use of facial recognition technology linked to the Public Services Card.

The investigation found that the Department was holding biometric facial templates for about 70% of Ireland’s population without a valid legal reason to do so.

In that case at least, legal assurances of privacy were not enough to stop the government itself from breaching the law.

In April, the Irish government launched a public consultation and testing phase for its version of the wallet, which is expected to be available this year.

People are invited to share their views on how such an app should work and to register their interest to try out the wallet app themselves ahead of time.

For everyone else, there’s not long to wait.

The Journal’s FactCheck is a signatory to the International Fact-Checking Network’s Code of Principles. You can read it here. For information on how FactCheck works, what the verdicts mean, and how you can take part, check out our Reader’s Guide here. You can read about the team of editors and reporters who work on the factchecks here.