Digital ID meets social media ban – what could go wrong?
Right now, the European Commission is quietly setting the technical rules for a European digital identity. And what’s in the current draft should alarm everyone.
Today we publish an open letter together with digital rights and consumer protection organisations across Europe to demand these fixes – before it’s too late.
The 5 key problems:
🚪 Loopholes for registration certificates allow over-asking
🕵️ Weakened pseudonymity rights enable over-identification
📸 Mandatory biometric facial images in the minimum data set
🍏 Big Tech can circumvent genuine Wallet integration
👁️ Tracking protections fundamentally weakened
Find our summary and full analysis here: https://epicenter.works/en/content/five-problems-the-commission-must-fix-in-the-eu-wallet
@epicenter_works Can you explain a bit your point regarding passkeys ? It is presented as a proprietary protocol while this is an open standard, implemented by most password managers today (KeePass*, Bitwarden, ProtonPass etc etc)
I suppose their is something else in the draft that I don't get
@epicenter_works And, the draft implementation of this wallet requires passing Play Integrity checks.
The Play Integrity is one of the main anti-competitive tools developed by Google.
The Play Integrity does mainly ONE thing: check if the OS is certified by Google.
And one thing it doesn't do: preventing execution with a corrupted device.
If all our critical services require a Google-certified system, the certification becomes a coercion mean: OEM must agree to all Google demands (like pre-installing Youtube, Google, Chrome etc.) if they want to have that certification
It also prevents users to use alternative OS based on Android (/e/OS, GrapheneOS, Android emulator for Linux phones, like Jolla, etc), many of them being EU solutions
Tom Schaffer
epicenter.works
S1m