Civil Society Demands: EU Commission Must Close e-ID Loopholes!
The final technical design of the European Digital Identity Wallet is currently under negotiation. These blueprints will have a big impact on whether or not users will be sufficiently protected when using Europe’s upcoming digital identity system. In concrete terms, this is currently being negotiated in the eIDAS implementation acts between the EU member states and the European Commission.
The positive changes in the first batch of technical rules show: Civil society works! Together with 15 organisations we thank the negotiators and acknowledge these significant improvements for privacy and human rights safeguards. The most recent proposals, however, still have some severe privacy and transparency problems that we address in our open letter to the European Commission.
What is the problem?
The eIDAS regulation lays out concrete rules for those companies and government agencies who want to access personal information from citizens’ Wallets. This could be for example an online platform, a public transport company or your doctor. It obliges these so-called “relying parties” to register their intended use of the Wallet, that is which attributes they intend to request from users. The regulation also prohibits them from asking information that goes beyond their registration. This could mean for example that, according to its registration, an online shop is only allowed to ask for your name and address but not your birth date or other information. A porn platform might use the Wallet to verify your age, but couldn’t obtain not any other information about you or use other means to track your behaviour.
To protect everyone from such illegal requests, the EU’s Digital Identity Wallet needs to know what personal information a relying party is actually allowed to access. The EU Commission, however, proposes a loophole which would leave it to the Member State that registered the relying party to decide whether the Wallet knows about the contents of the registration or not. This would allow Facebook Ireland to circumvent the protections and ask European users for everything. Furthermore, the public register of relying parties risks being useless without harmonised specifications on how to access it and what results to expect. Ultimately, the trust we will put in the Wallet will depend on the protections and transparency that we can rely on.
15 Organisations demand: The Commission’s Loopholes Must be Closed!
If these loopholes remain, this would have disastrous consequences. Any discrimination based on illegal access to attributes in the Wallet (health, gender, income, etc.) would be unchecked. Given the track record of lax data protection enforcement in countries like Ireland, companies like Facebook Ireland would likely have a wildcard certificate, virtually empowering them to request any data they want. Member States dedicated to protecting their users from illegal requests (e.g. Germany, the Netherlands, Spain or Austria), on the other hand, would be incapable of doing so.
We therefore ask the Commission to make relying party registration certificates mandatory for all relying parties and to issue a harmonized specification to access the relying party registry of each Member State.
Civil Society Calls on EU to Stop Europol-Egypt Agreement
Civil society is raising the alarm over a proposed agreement between Europol and Egypt. A coalition of 41 organisations and experts, including European Digital Rights (EDRi), has sent an open letter to the European Commission urging it to halt these negotiations.
If signed, the agreement risks legitimising illegal practices by Egyptian police and could pave the way for deeper cooperation with Egyptian authorities, including the harmful sharing of personal data.
This agreement is part of the EU’s broader strategy for police and judicial cooperation, border control, and migration in the Mediterranean region. However, such actions conflict with the EU’s fundamental rights standards. Egypt, which holds an estimated 60,000 political prisoners, has been flagged by the UN for systemic torture and ill-treatment of political opponents and government critics.
We call on the European Commission to:
–Halt the agreement,
–Ensure transparency on human rights and data protection assessments,
–Demand reforms in Egypt to uphold human rights, civil liberties, justice, and democracy.
Read and share the full open letter here.
We submitted an Open Letter to the Special Secretary of Foresight Strategy about the National AI Strategy and the enforcement of the AI Act
Today, 1/8/2024, on the occasion of the entry into force of the AI Act, Homo Digitalis sent a letter to the Special Secretary of Foresight Strategy of the Hellenic Government, Mr. Giannis Mastrogiorgiou, regarding the National Strategy for AI and the incorporation of the AI Act into national law! In addition, we communicated our concerns to the Prime Minister’s Office and the Ministry of Digital Governance.
Among other things, we raise critical questions about the national governance and oversight model, the creation of regulatory sandboxes (No. 57) and how the Greek public will be informed when subjected to the use of AI systems that create profiles or make decisions about them in the provision of public services.
At Homo Digitalis, we believe that the next steps of the Greek government will be crucial for the effective or not defence of digital rights in Greece, at a time when AI is a reality in our daily lives. The proper incorporation of such a technical and legally complex legislation into national law and the solutions adopted to address the ethical and social issues that arise are crucial for all of us.
You can see the full text of our letter here.
The European Union must keep funding free software
Open Letter to the European Commission.
Since 2020, Next Generation Internet (NGI) programmes, part of European Commission’s Horizon programme, fund free software in Europe using a cascade funding mechanism (see for example NLnet’s calls). This year, according to the Horizon Europe working draft detailing funding programmes for 2025, we notice that Next Generation Internet is not mentioned any more as part of Cluster 4.
NGI programmes have shown their strength and importance to supporting the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure.
Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.
Previous Cluster 4 allocated 27 million euros to:
- “Human centric Internet aligned with values and principles commonly shared in Europe” ;
- “A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life” ;
- “A structured ecosystem of talented contributors driving the creation of new internet commons and the evolution of existing internet commons”.
In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organisations managing these European funding consortia.
NGI contributes to a vast ecosystem, as most of its budget is allocated to fund third parties by the means of open calls, to structure commons that cover the whole Internet scope – from hardware to application, operating systems, digital identities or data traffic supervision. This third-party funding is not renewed in the current program, leaving many projects short on resources for research and innovation in Europe.
Moreover, NGI allows exchanges and collaborations across all the Euro zone countries as well as “widening countries” [1:1], currently both a success and an ongoing progress, likewise the Erasmus programme before us. NGI also contributes to opening and supporting longer relationships than strict project funding does. It encourages implementing projects funded as pilots, backing collaboration, identification and reuse of common elements across projects, interoperability in identification systems and beyond, and setting up development models that mix diverse scales and types of European funding schemes.
While the USA, China or Russia deploy huge public and private resources to develop software and infrastructure that massively capture private consumer data, the EU can’t afford this renunciation.
Free and open source software, as supported by NGI since 2020, is by design the opposite of potential vectors for foreign interference. It lets us keep our data local and favors a community-wide economy and know-how, while allowing an international collaboration.
This is all the more essential in the current geopolitical context: the challenge of technological sovereignty is central, and free software allows addressing it while acting for peace and sovereignty in the digital world as a whole.