EU lacks common ID privacy specs, says agency

Europe lacks a common ID card privacy strategy, which is hindering interoperability and citizen acceptance, according to Enisa
Written by Tom Espiner, Contributor on

European Union members lack a co-ordinated strategy on how to protect citizen data linked to ID cards, according to an EU agency.

That lack has hindered the development of interoperability standards that would let each country's authorities work with the electronic identity card (eID) of another, the European Network and Information Security Agency (Enisa) said.

"Privacy is an area where the member states' approaches differ a lot, and European eID will not take off unless we get this right," said Enisa executive director Andrea Pirotti in a statement. "Europe needs to reflect on eID privacy and its role in the interoperability puzzle."

An Enisa spokesperson told ZDNet UK on Thursday: "Member states should get their act together and formulate a strategy on this matter in more detail."

Enisa published a paper outlining its position on Tuesday, in which it evaluated privacy protections in ID card schemes across Europe. For example, the assessment looked at whether the primary data on the card could be changed, which is essential if the data is incorrect. Out of the eleven countries in the EU that have eIDs, only six of them had systems that allowed primary data to be changed.

While the use of electronic identity cards offers opportunities for governments to be more efficient in providing services to citizens, there is the risk that the citizen data collected could be misused, either by criminals or future governments, Enisa said. This is not desirable, it added.

"The fundamental human right to privacy must be guaranteed for all European eID card holders," said Pirotti.

Privacy fears have limited citizen acceptance of the cards, according to Enisa.

The quality of UK data-privacy safeguards could not be evaluated by Enisa, as the UK government has not revealed any specific details about the technology behind its scheme.

While the first UK ID cards have been issued, currently no police stations, border-entry points or job centres have any way of reading the information stored on them, ZDNet UK's sister site, silicon.com, reported on Thursday.

Editorial standards