The European Commission will publish today (4 June) a proposal to encourage the take up of e-signatures and e-identities across Europe, gathering praise from companies but raising a controversial debate around the protection of privacy and the security of personal data.
A new draft regulation will update the existing e-Signatures Directive, extending its scope to include new services such as e-stamping or e-seals which are meant to guarantee the origin and the integrity of an electronic document.
The use of electronic identities across EU member states is set to be boosted by the initiative as the stated objective of the Commission is to maximise the cross-border potential of electronic identities held by EU citizens and companies.
If the proposed regulation is approved by lawmakers in the EU Parliament and Council of Ministers, citizens’ e-identities will be automatically recognised in other EU member countries without need of extra paper work.
"The proposed Regulation will ensure mutual acceptance of electronic identification schemes (eIDs), e-Signatures and related online trust services," said Ryan Heath, spokesperson for Digital Agenda Commissioner Neelie Kroes.
"The sorts of groups it will help include citizens moving or marrying abroad, students, small businesses, medical patients," Heath said.
"But it will not, for example, oblige EU member states to introduce national identity cards, nor would it introduce a European ID system or force individuals to obtain an ID card or passport," Heath said in response to privacy campaigners.
For companies operating across the EU's internal borders, the advantage would be to access tenders in other countries in a shorter time and with less red tape.
National authorities would be obliged to recognise electronic identities certified in other member states, shortening identification procedures for foreign citizens or businesses.
An EU project, called Stork, has already identified a common platform where the 17 member states which have participated to the initiative, can mutually recognise e-IDs.
No obligation to introduce national IDs
To allay critics coming from privacy protection groups, the Commission underlines that the new legislation would not oblige member states that do not have electronic IDs to introduce them. Many member states at the moment have no e-IDs, and some like Britain have no IDs at all.
Among the possible beneficiaries of the new rules are “students who could register for a foreign university online, rather than having to travel abroad to complete the paper work in person” or “patients needing medical assistance abroad who could securely check or authorise a doctor to access their online medical records,” the Commission says.
Brussels also ensures that “the proposals are designed to avoid the centralisation of information”. No new database will be created. “There is no aggregation of information, beyond the aggregation that already takes place in national systems,” according to a Commission document.
Moreover, the security of the electronic use of personal data in other countries will be protected with state-of-the-art technology and procedures, the Commission insists. Under the proposal, unnecessary data will not be revealed, it says.
“If a teenager wanted secure access to a chat room for 14-18 year olds, or gamblers needed to prove they were of legal age, the website should only check information about their age from the e-ID card. Other details such as nationality and address would not need to be revealed,” stresses the Commission paper to be published today.
The other side of the coin
The proposed legislation has been drafted with care to meet concerns of civil rights groups and normal citizens which feel threatened by a perceived invasion of their private life by public authorities.
Reactions to a EURACTIV story, which unveiled details of the Commission proposal two weeks ago, provide a snapshot of the most common worries expressed by citizens. "I will not accept that I need to have a card to produce to tell me and every one else who I am and where I come from," said Anne Palmer, a EURACTIV reader. "We fought to be free and we will again fight to be free," she said in response to another reader who wondered why British people were so vehemently opposed to ID cards.
Against such an emotional background, the Commission underlines that harmonisation of e-identities is not required by the proposed new European rules.
However, the eventual target is obviously to favour an increased take up of electronic identities across borders. And it is always better and more practical to have them harmonised across the EU.
Member states that refuse to use e-IDs will be cut off from the advantages of easier identification across borders. An incentive will be established for member states to equip themselves with e-IDs. Best practices will be exchanged and followed, leading to de facto harmonisation.
This outcome is not bad news as it would make the life of many citizens easier, the Commission argues. But it may create controversy in nations where concerns about privacy are higher, notably in the United Kingdom where citizens have long opposed the introduction of real world identity cards.
Security is also a matter of concern. Data breaches are on the rise as more activities move online.
Current data protection systems are not always appropriate to face increasingly sophisticated techniques to steal data and identities in the electronic world. Without seriously beefing up security requirements for the public and private sector, eIDs could also provide new opportunities for internet fraudsters and criminals organisations to thrive on.
The fact is that increasing security also bears considerable economic and reputational costs. And private companies and governments have every interest in protecting themselves from such risk.