How does the EU Digital Identity Wallet change the risk of over–sharing data? A Dutch perspective.
How does the EU Digital Identity Wallet (EU DIW) change the risk of over-sharing data? A relevant question, especially considering efforts around the EU DIW continue to develop.
One of the highlighted features of the EU DIW is that it gives users full control over their data and over how and with whom they share it. Cutting out the middleman and the big platforms like this seems like a win: it gives people sole autonomy over what happens with their information, much more so than they have now.
But could that also be a downside? After all, sole autonomy also means sole responsibility. And where the companies that you now share your data with are subject to treating your data in compliance with incredibly strict privacy- and data rules and regulations, and have all sorts of processes in place to ensure they only do what is allowed and what is necessary, the average European citizen may not have all those controls.
That makes over-sharing of data a potential EU DIW risk strongly worth investigating and together with professors Michael Klenk, Mark de Reuver, and Nitesh Bharosa, Henk Marsman did just that.
Their findings were recently published in the Proceedings of EGOV-CeDEM-ePart 2024, and presented at the EGOV2024 conference in Leuven, Belgium, this month. Some key insights:
- Goal orientation, awareness and knowledge of users impact over-sharing, both generally and in assessing the proportionality of data requests.
- The ease of sharing data across contexts complicates this further.
- Influencing techniques (incl manipulative ones) and request fatigue on the user’s end may do so as well.
Now that users are equipped with (high value) qualified data the impact of over-sharing is larger, and users become more interesting ‘targets’ for ‘data-hungry’ relying parties.
The full report is freely available for you via the button on this page.
Research report
By Henk Marsman, Michael Klenk, Mark de Reuver, Nitesh Bharosa. Published in the academic Proceedings of EGOV-CeDEM-ePart 2024.
Abstract
The European Union (EU) Digital Identity Wallet (DIW) intends to give citizens control over personal data sharing. The DIW users will have full and sole control over their data. The EU intends to address the risk to citizens’ privacy in cases where data from and about users is gathered and exchanged by online service providers. However, it is unclear how users of the EU DIW can decide what data to share and how to prevent sharing too much data with online service providers. In order to reduce this risk, we need to understand it first. Drawing on expert interviews, this paper presents a novel analysis of the risk of over sharing through the EU DIW. It defines the risk and what aspects influence the risk from literature, documentation and expert interviews. Over-sharing data occurs when users share more data than strictly required for the service or product acquired online and multiple aspects influence this risk, specifically the user capabilities and orientation, the loss of context awareness, the quality of the data and the ease of sharing.
Keywords
eIDAS, digital identity wallet, data, privacy, over-sharing
Henk Marsman
Digital Identity Expert &
Principal Consultant SonicBee