Written by Philip Boucher
In the digital age, citizens need to manage a range of online identities that are linked to their offline identity. In managing these identities and entering into agreements, citizens navigate a complex legal and technical infrastructure. As digital identities become increasingly important, it is worth considering how this infrastructure can be made more trustworthy, empowering users while increasing the availability of data and ensuring citizens’ safety and privacy.
In this context, the Panel for the Future of Science and Technology (STOA) hosted a roundtable discussion to examine how citizens can manage their identities online while maintaining privacy, safety and security. The event was organised in cooperation with ELONTech and the IOT Council in the context of the work of next generation internet, a European Commission initiative to reimagine and re-engineer the internet for the third millennium and beyond.
In her introduction, STOA Chair Eva Kaili (S&D, Greece) highlighted the importance of managing digital identities safely and securely in the digital age, paying particular attention to who owns and controls the identity management tools. She then welcomed the speakers, all experts on digital sovereign identity and coming from industry, academia and policy-making, including Remy Knecht, COO of ITSME.be; Daniel Du Seuil, Convenor European Self Sovereign Identity Framework, part of the European Blockchain Services Infrastructure (EBSI); Loretta Anania, Scientific Officer at DG Connect, European Commission; Thibaut Verbiest, Head of Regulatory Affairs Europe & Africa at Diginex and Petros Kavassalis, Associate Professor at the University of the Aegean.
Itsme.be is an identity management service that is widely used for securely signing digital transactions. While they are well known for their banking services, their COO, Remy Knecht, explained that they are also active in many other domains, including utilities, human recourses and mobility. These services are useful for many citizens, but only when they are trustworthy, that is, when they respect privacy and protect users when something goes wrong. Remy concluded his talk by identifying gaps in regulations and standards to providing a reliable link between decentralised IDs (known as DIDs) and more traditional centralised IDs, such as government-issued documents.
Daniel Du Seuil from the European Blockchain Services Infrastructure (EBSI) spoke about how DIDs empower citizens by giving them control of their own data and identities. Citing several problematic experiences of identity management around the world, he emphasised the importance of empowering citizens while ensuring adequate protection of security and privacy. He argued that good partnerships between the public and private sector are key to achieving this.
The European Commission has been active in promoting the development and application of DIDs, for example through the next generation internet initiative. Loretta Anania – a Scientific Officer at the Commission – emphasised that privacy is not just a value, but a hard-won right enshrined in the EU Treaties that needs to be respected. However, while the treaties themselves do not provide guidance on how to respect these rights in the digital age, she argued that legislation such as the GDPR and eIDAS could form a solid basis for positioning Europe as a centre for safeguarding digital identities.
With their decentralised structure, blockchain technologies can form a key part of decentralised identity solutions. Thibaut Verbiest from Diginex – a digital financial services company focusing on blockchain technology – said that users already have to deal with dozens of digital IDs, passwords and accounts, and the number is growing. He emphasised the need for user-friendly systems. However, reliable decentralised systems for ID management can be expensive, and firms also need to consider regulatory elements as they are compelled to use the most GDPR-compliant technologies available to them. He highlighted that decentralised and centralised ID services could enter a virtuous circle whereby centralised IDs provide the basic credentials to enable users and service providers to engage in decentralised systems confidently, while decentralised systems provide a layer of transparency for centralised systems of the state by acting as a witness or notary.
Providing the final talk of the event, Petros Kavassalis recalled that the internet has always had to compromise between centralised and decentralised systems. Both have their role, and neither one alone can provide all of the privacy and security that users need. For that, it is key to develop a ‘trust layer’, and to complement technology with appropriate regulation.
During the subsequent discussion, inclusion emerged as a key issue. The primary device used for managing digital IDs are smartphones, but not all citizens have one. Indeed, many citizens prefer or require traditional physical interactions, and they should not be excluded from key services such as banking. Technology could provide some alternative solutions but, in the meantime, it remains important to maintain an ecosystem of identity management services that can cater to all citizens’ needs.
In his concluding remarks, STOA second Vice-Chair Ivars Ijabs (Renew Europe, Latvia), underlined the importance of DIDs, highlighting the competition to provide ID services from a wide range of platforms, including for example Facebook, which is also used as an ID service to access to many other online services. In closing, he stressed the important role of STOA, working at the interface of science and policy-making, to address these issues.
The full recording of the meeting is available here.