Europe needs a strategy to resolve differences between 23 national electronic identity (eID) schemes, if a European ID scheme is to take off.
This was the conclusion of a study on privacy in national eID schemes in Europe published today by the European Network and Information Security Agency (Enisa)
Enisa executive director Andrea Pirotti said approaches to eID schemes and privacy protection differed widely across Europe. "[A pan-European] eID will not take off unless we get this right," he said.
Enisa identified 11 risks to personal privacy, and eight counter-measures that could be implemented in the card.
It said 10 live schemes and 13 pilot card-based eID schemes were being turned into working systems.
eID cards were presently used mainly to access government services and submit tax returns, but Enisa found commercial applications in the pipeline.
Many planned services would use data on the card for anything from secure online chat to borrowing library books, it said.
The data on the card was the gateway to personal information at national and European level, it said. This made it essential to address privacy concerns, especially in terms of the unwanted disclosure of information and subsequent misuse, Enisa said in a position paper.
It compared the existing measures provided by the cards, and found varying levels of protection. The measures included anything that gave the cardholder greater control over which data were disclosed about them and to whom. This was a key feature if governments were to get buy-in from citizens, it said.
It said privacy protection had been tested at national level only. But the intention was for an eID card to be usable across borders.
Pirotti said Enisa would continue to study the development of eID schemes this year.