Machine translations by Deepl

Identification creates increasing risks for all

When accessing services, public authorities and businesses are increasingly requiring you to identify yourself online. Your passport or driving licence – whether or not parts of it are obscured – contains highly sensitive information. The more copies of identity documents end up in databases, the greater the risk that large amounts of personal data will be compromised as a result of rising cybercrime or unsafe practices by service providers. Against this backdrop, Privacy First is deeply concerned about new European identification methods.

Privacy First activities on identification

Recently, Privacy First has been plenty active on the subject of identification:

Brand letter on EUDI wallet

Last March, in a fire letter to the finance minister, we asked [1] attention to a European proposal leading to the European identifier, the European Digital Identity, also referred to as EUDI wallet or EDI wallet, becoming mandatory. The minister, in a letter to the House of Representatives on 11 May last [2] let it be known to disagree with us.

Participation in European consultation eIDAS/EUDI wallet

Privacy First raised the issue of identification in a recent European consultation on the Business Wallet [3]. This wallet, like the EUDI wallet, is based on the European eIDAS regulation. In our consultation response [4] we pointed out that private parties in the eIDAS system, such as wallet providers, are not tested for integrity or lack of conflict of interest. This is a serious flaw in the system. Among other things, Privacy First called for strengthening the provisions on the voluntariness of wallets.

New Privacy First letter to House of Representatives

Recently, the Digital Affairs Committee of the House of Representatives decided to start paying extra attention to the eIDAS regulation and the Business Wallet. This prompted Privacy First to issue a detailed letter on 1 June last [5] to this committee and other relevant committees of the House of Representatives, in which we addressed the risks surrounding identification in detail. In this letter, we explain why we do not agree with the Finance Minister's position as expressed in his letter to the House of Representatives on 11 May last. Furthermore, we address the voluntariness of wallets and raise a large number of questions about the eIDAS system, including:

  • How to prevent wallets from becoming a means of control,
  • How to ensure that receiving parties do not over-ask (overidentify),
  • what safeguards are in place to prevent unnecessary dissemination of personal data,
  • How about the flawed revenue model for wallet providers,
  • why there is no requirement that the wallets can be used without devices or software from non-EU internet giants.

Privacy First continues to critically monitor developments in this regard.

If you have any useful information for us or relevant experience with identification (or identity verification) that might be helpful in our dealings with government bodies, please let us know.

 

[1] https://privacyfirst.nl/artikelen/brandbrief-privacy-first-over-verplichtstelling-europese-digitale-identiteit-bij-banken/ (see also update 1 June 2026)

[2] https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2026Z09523&did=2026D21471

[3] https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14663-Europese-portemonnee-voor-ondernemingen-digitale-identiteit-veilige-gegevensuitwisseling-en-juridische-kennisgevingen-voor-eenvoudige-digitale-bedrijven_nl

[4] https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14663-Europese-portemonnee-voor-ondernemingen-digitale-identiteit-veilige-gegevensuitwisseling-en-juridische-kennisgevingen-voor-eenvoudige-digitale-bedrijven/F33399513_nl

[5] https://privacyfirst.nl/wp-content/uploads/SPF20260601.pdf (pdf)