Andrea Servida Head of eGovernment and Trust, European Commission
When I think of mobile communications – in particular, of the smartphone – I see a token of freedom. Having established the Single Market in goods, we are now entering an era of extraordinary promise in cross-border trade and services through the creation of a Digital Single Market in Europe. As the ways in which people conduct commerce and access services become increasingly digital, the potential for enhanced autonomy to the individual is difficult to overstate. It must however remain so. A device such as a smartphone must act in accordance with our wishes, and speak for us, not about us. It must be a tool not a beacon.
It is on the basis of this principle that the European Commission developed eIDAS (Electronic IDentification, Authentication and Trust Services) Regulation. People previously accessed internet often without thinking a lot about which data they were sharing. This innocence has been at times terribly abused to the detriment of the obligation to make user experience safe and secure. Users’ personal data has been collected, disseminated and exploited for economic, political, security or even military purposes. And this without giving the users the opportunity to manage or even monitor these processes in any way, let alone withhold their consent for them.
This jeopardises, at least to some extent, the user’s basic rights – in particular, those of self-determination and of privacy. It is essential to take seriously into account the invasive potential here, and enshrine a more symmetrical relationship between business and end-user in this respect: a relationship which allows users to make the most of what online services have to offer, while reclaiming full control over the information held about them . This more symmetrical dynamic is only possible if we regain full control over the manner in which we disclose our data. If we allow our identities to become commodities managed by others, we become products and not consumers. In this regard the ability to control our own digital identities is nothing less than a safeguard of freedom.
For this reason we aim to ensure that the data users reveal on themselves is both voluntary and relevant. If I want to place a bet online, for example, nobody involved in that transaction needs to know my gender, marital status or town of residence. They only need to know my legitimacy to use that service, that I fit the minimum age and reside in an approved jurisdiction, and so on. Users are increasingly resistant to the prospect of firing a ‘scattergun’ of data every time they go online, and rightly so. The ‘minimum dataset disclosure’ principle is therefore a core requirement of eIDAS, as is the ‘once-only’ principle, which stipulates that once the user’s private information has been obtained by the public sector, it is not necessary to be be proffered on subsequent occasions.
As the digital world becomes increasingly mobile, any viable identity solution must take this properly into account. Mobile Connect, the mobile industry’s identity solution, does so by design and on a global scale. In addition, it prioritises privacy underpinned by the same authentication credentials which eIDAS seeks to reinforce for example two or multiple factor authentication. Thus, it is a highly appropriate tool for enhancing trust across Europe. And enhancing trust means at the same time strengthening cross-border trade among Member States. An eIDAS pilot undertaken earlier this year allowed us to demonstrate that the ecosystem created by eIDAS can be easily integrated with existing identity solutions like Mobile Connect. With 84% penetration across Europe already, the mobile industry is a natural partner for the delivery of trust across borders within the EU.
Looking beyond Europe’s frontiers, it is interesting, and I would say gratifying, to note jurisdictions outside the EU adopting analogous requirements to eIDAS. The US state of Virginia for example has already adopted eIDAS standards for accreditation of digital identity providers. As talks progress, other states are expected to join in the future; South Africa is also implementing the same requirements for trust tokens such as electronic signatures and Japan seems to take a similar direction to Europe.
These developments raise some fundamental questions on the future of global trade. Trade is based on trust: the fact that some jurisdictions follow the example of eIDAS while others stop short of, is this going to impact on are we going to seeglobal patterns of digital commerce and services? We are confident in the progress made to date in pursuit of the Digital Single Market in Europe and anticipate recognition of its benefits globally as regulators outside the EU seek alignment with our model. And if that comes to pass, we can anticipate striking changes in the digital trade routes of the world taken into account that jurisdictions prioritising trust find increasingly efficient to trade with one another. We believe that trust among users is essential to conduct digital commerce. That is why, we expect full vindication of the user-first approach we are championing.