Privacy Features of European eID Card Specifications - an ENISA Study
ENISA Position Paper
As an authentication token and personal data source, a national eID card is a gateway to personal information. Any unwanted disclosure of personal information as a result of the issuance or use of the card constitutes a violation of the citizen’s privacy rights. Apart from considerations of fundamental rights, this is also a serious obstacle to the adoption of eID card schemes and to their cross-border interoperability.
The aim of the ENISA position paper
is to allow easy comparison between privacy features offered by European eID card specifications and thereby to facilitate identification of best practice. The target audience is corporate and political decision-makers and the paper seeks to raise awareness of the legal and social implications of new developments in eID card technologies. In particular, the findings should have important implications for data protection and security policies. A clear statement of the status quo is an essential first step towards the important goals identifying best practice, improving the base-line of citizen privacy protection in eID cards throughout Europe and ultimately to improving interoperability and adoption by citizens.
ENISA analysed the risks to personal privacy resulting from the use of national electronic identity card schemes and list all practicable techniques available to address these risks. The main part of the paper is dedicated to a survey of how these available privacy enhancing technologies are implemented in existing and planned European eID card specifications, the European Citizen Card and ICAO electronic passport specifications. The information is based on the latest publicly available specifications with a complete set of references provided and is presented in a series of tables for easy comparison. The table entries show how diverse the European eID card landscape is. Although this paper only compares privacy features, other aspects of the cards are similarly diverse.
Reference: European Network and Information Security Agency (ENISA), 2009
Click to download the corresponding pdf-document (1.169 MB)
Get more information from this website:http://www.enisa.europa.eu/
Available on the website since February 11, 2009