Germany is not exactly known for its great leaps in digitalisation. However, there are now plans to create a uniform digital identity with a digital wallet that can be used throughout the whole of Europe. Whereas digital payments, plane tickets or customer cards have been part of our everyday life for some time now, a digital identity could also simplify a host of other tasks. Right? But – as so often with digitalisation issues – there is criticism surrounding the question of data privacy. And we are also facing competition.
EC card and PIN belong to the past. The payment methods of the future are likely to go by the names of Apple, Google or Alipay. That is because mobile payment is growing in popularity and enables payments to be made in a matter of seconds with a simple fingerprint scan. From 2016 to 2019 the percentage of people using mobile payment methods in Germany grew from 10 to 33%. In 2019, 900 million customers in China were already using the Alipay payment platform – in other words, over 60% of the population. The Chinese are also one step ahead with the technology: in “Smile-to-Pay”, Alipay is offering an even simpler payment method, which works with facial recognition at the POS – with no need for a fingerprint or smartphone.
But back to us in Germany: yes, we are paying more often with our smartphones and saving our customer cards or plane tickets in the Apple Wallet. But many authorities and enterprises are still searching in vain for a way of presenting digital verifications – when registering a new car or filling in a hotel register, for example. In order to change this situation, the German government has launched the “European Digital Identity Initiative“, having passed the “Smart eID Act” as the legal framework for the initiative in February. The first step will see the introduction of a new digital ID card. In the long term, other documents such as driving licence or student ID are to be saved in the digital wallet, and holders will be able to use them throughout Europe. In order to produce as wide a range of uses as possible, the state is collaborating closely with various enterprises.
Recently the EU Commission also presented a draft that envisages all EU states having to offer an “EUid” at some point in the future. One intention behind the scheme is that the online ID should make it easier to rent an apartment in another European country. Furthermore, corporations such as Google or Facebook are to be obliged to recognise the EUid – for example as a form of age verification on their platforms.
Moves afoot to launch German ID wallet
Since May of this year, the ID wallet has slowly been taking shape. As part of a pilot project, business travellers from Deutsche Bahn, Lufthansa, Bosch and BWI can check in to selected hotels with the aid of a new app. Two pieces of information are first stored in the wallet for this purpose: on the one hand, the verified identity data from the Bundesdruckerei (national printing company) and on the other hand the company’s billing address. Travellers then only have to scan a QR code at the reception desk, thus transferring the data in encrypted form – the hotel cannot store this data in a central location. The new version of the digital ID card should then be available to everyone in Germany as of September. There will also be other public-private model projects this year.
Data privacy concerns
In Germany, data privacy often plays a prominent role in digital projects. This is because there are wide-ranging approaches and opinions regarding how, where and how much data should and may be stored. The German government wants to pursue the “self- sovereign identity (SSI)” approach for the digital identity ecosystem. According to this model, users retain full control of their data. They can manage all verifications themselves and share them selectively to suit a specific purpose. A decentralized network will be used to verify the data. This will only be used to share selected information with the recipient, thus avoiding centralised storage of large volumes of data, which means no-one is granted access without asking.
So far so good. However, this approach requires an appropriate infrastructure – smartphones have to meet specific requirements, and it is also planned to use blockchain technology. The former aspect in particular has attracted criticism as currently only a few Samsung devices have the necessary security architecture. However, one eID for everyone only makes sense if everyone can access it – no matter what kind of mobile phone they have or how high their budget is. Moreover, with this approach the state is dependent on third parties.
There is yet another snag to the German government’s plans. We were not the ones who came up with the idea of digital identity – other nations and enterprises are also working on the notion. In addition to “ID2020” from Microsoft and the US government, there is also the Canadian-Dutch project “Known Traveller Digital Identity”. The idea behind this project is to replace the conventional passport control with an automatic biometric scan. The developers also want to integrate other documents at a later stage. This means a German-European solution could be superfluous before it is even completed if other providers establish themselves faster. This would also make it more difficult to check if data is properly protected – the use of biometric data in particular can quickly lead to concerns about surveillance.
Irrespective of the provider, digital wallets and identities will soon become part of our everyday lives. Following testing of the ID wallet in German hotels, other application options are waiting in the wings. However, the technical prerequisites and data privacy are issues that still need to be settled.
Enterprises should begin now to prepare for the use and issue of digital verifications. A secure, high-performance network is the basic prerequisite for those who wish to do so. As experienced consultants, we will be glad to support you in the planning and implementation of a network that is ideally equipped for the digital future.