Europe needs a strategy to resolve differences between 23
national electronic identity (eID) schemes, if a European ID scheme
is to take off.
This was the conclusion of a
study on privacy in national eID schemes in Europe published
today by the European Network and Information Security Agency
(Enisa)
Enisa executive director Andrea Pirotti said approaches to eID
schemes and privacy protection differed widely across Europe. "[A
pan-European] eID will not take off unless we get this right," he
said.
Enisa identified 11 risks to personal privacy, and eight
counter-measures that could be implemented in the card.
It said 10 live schemes and 13 pilot card-based eID schemes were
being turned into working systems.
eID cards were presently used mainly to access government
services and submit tax returns, but Enisa found commercial
applications in the pipeline.
Many planned services would use data on the card for anything
from secure online chat to borrowing library books, it said.
The data on the card was the gateway to personal information at
national and European level, it said. This made it essential to
address privacy concerns, especially in terms of the unwanted
disclosure of information and subsequent misuse, Enisa said in a
position paper.
It compared the existing measures provided by the cards, and
found varying levels of protection. The measures included anything
that gave the cardholder greater control over which data were
disclosed about them and to whom. This was a key feature if
governments were to get buy-in from citizens, it said.
It said privacy protection had been tested at national level
only. But the intention was for an eID card to be usable across
borders.
Pirotti said Enisa would continue to study the development of
eID schemes this year.