For a long time, the European Union has been talking about the need to digitize the relationship between member countries. Or to digitize, in general. Progress and the green economy have positioned themselves at the center of the equation. Also the economy and its growth. Because if digitization is of any use, it is to save time. And time is money. In every sense. The single European digital identity, in addition to practicality, is precisely a promise to improve the figures of an economy which –in a convulsive socioeconomic context– is more necessary than ever.
The problem is that the commitment to a single digital identity is a promise that never materializes. With the regulations of 1999 and its reformulation of 2014, known as eIDAS (electronic IDentification, Authentication and trust Services), it was pointed out that all countries in the European market had to provide this digital identity. Which is nothing more than a virtual wallet, valid in all partner countries, in which all the person’s information is gathered. From his personal data, through his financial, academic or social history. All in one application. And although this idea, interesting as it may seem, was on the table, no one dared to take the first official step. Until the issue already points to being mandatory.
With a pandemic in the middle, which has put digitization by flag, since July of this year everything points to the fact that the unique digital identity will not be a suggestion, but an obligation. “To date, it was a vague regulation that could be carried out or not by the states and used or not by companies. What the new regulation wants is for the states to have the obligation to make it available to their citizens,” explains Ester. López, doctor in public international law and professor of international law at UDIMA, to hypertextual.
Now, who will be the one to take the place of the protector of that life data? Although for Ester López this should happen to be a benefit from the State, from each of the member countries, realism prevails. The issue will pass through the hands of private companies that, after receiving the necessary certifications, they establish themselves as the custodians of unique digital identities. These, at the normative level, are known as “the verifiers”.
And, in all this equation, a Spanish company born within MIT. Gataca, which has been advocating for a single digital identity in Europe for some time, is now ready to face the new eIDAS requests. So much so that it is about to launch a trial version for companies to start offering the option of a digital wallet.
Gataca, prepared since 2017
Born in 2017, after the Equifax hack, the objective of Gataca –which receives its name from the human genetic singularity– was to create a digital identity as unique as the code that makes us who we are as humans. Since then, they have been researching and advocating for this technology. A long-distance race that could have come to nothing, but in which they are now one of the first. Although not the only ones.
All in all, Gataca is about to launch its first official active digital wallet for companies, known as Gataca Studio. First for banks and universities. Later, other platforms or companies will come that want to join the issue of the unique digital identity. In October, they explain to Hipertextual, will be ready for a version aimed at early adopters. They already have strategic partners who, although they cannot say their identity, are already testing Gataca’s unique identity management.
But they don’t want to stay there. They are very aware that, no later than 2023, Europe will decide that allowing the use of digital identity is mandatory for all institutions. It is for that moment that they are preparing for. And, if possible, become a reference in the sector at a European level.
How does the Gataca wallet work?
The first thing to understand is your goal. It is a digital repository, in the form of an application, in which all the data that can identify or define a person before any institution is gathered. These, in addition, will be protected by the maximum technical security guarantees. Both for third parties and for institutions that require the use of the unique digital identity. Thus, a bank will only be able to see the data that the user, prior approval, wants or needs see the financial institution.
In the case of Gataca, which works with biometric identification, they ensure that credentials will only be sent until there is exact confirmation that it is indeed that person. In this way, both parties have mutual knowledge of who is who.
It supposes, moreover, a change of the rules of the game. And let’s take the example of a bank. Until now, opening an account with a financial institution came with an interesting offer, now the situation will be the other way around. The bank, knowing my credit data, will offer me what best suits me. It is, broadly speaking, turning the tables.
It will also mean an opening of doors to all European services. Instantly, all our credentials will be valid at the community level. No arguments.
And while this will start to work with universities and financial institutions, lThe idea is that this reaches any corner. And like everything that goes, can come. From the wallet itself, access to our data could be terminated before any company and institution. This would be a quick way to remove our presence in third-party applications. Something almost impossible in many of them.
The unique digital identity still has problems to solve
The single digital identity system will be a mandatory requirement that will coexist with the current authentication systems, but that, in the long run, will become normal. Good for many, problem for those who have digital terror.
In the eyes of Ester López, at the moment a friendly presentation must be made to governments and companies so that citizens begin to use them. In order to transcend the level of early adopters and become the norm. They have until 2030 to do so, a date that for López is risky, but that is still on the table.
However, this will come with other trends. Or other digital gaps. What ATMs have been to banks, the digital identity will be for any identification system. At this time, a next digital divide is opening up that will have to be dealt with in depth.
Apart from the problems associated with the social acceptance of digital identity, there are relationships with third parties. That is, outside the European Union in this case. The new iDAS regulation made an addition that solved part of the problem: these electronic certificates would be valid abroad without the need for bilateral agreements. As long as the necessary security levels are met. This last nuance is, in fact, its biggest problem.
How to unify security systems between non-EU countries? The key, for the lawyer, will be in the extramural agreements. The United Kingdom, a key economic partner, is itself a problem. The Anglo-Saxon world has a conception of security that is very different from the European one. In fact, the GDPR itself (data protection law) has already been a headache for many North American technology companies with a concept of data that is very different from the European one. If we go to China, the story gets complicated. Everything will depend, in any case, on Europe convincing the world that its security standard is that it dominates the single digital identity scene.