Wong-Toropainen, S. (2024) Problematising User Control in the Context of Digital Identity Wallets and European Digital Identity Framework. in K Prifti, E Demir, J Krämer, K Heine & E Stamhuis (eds), Digital Governance: Confronting the Challenges Posed by Artificial Intelligence. T.M.C. Asser Press, The Hague, pp. 115-136.
Abstract:
This chapter problematises user control in the context of the EU Commission proposal on the regulation for European Digital Identity Framework (EDIF). The proposed framework includes requirements for the European Digital Identity Wallet (EDIW), intended to give control to EU citizens over their identity-related data. The chapter puts forth an argument that while harmonisation of digital identity solutions is required at the EU level, the user control discourse is employed to justify technical choices that can adversely impact the protection of personal data and the right to privacy, such as the use of persistent identifiers that have a potential to enable tracking of users across databases. The chapter employs post-structural discourse analysis to examine the EDIF and related EU policy documents. The findings include that EU recognises individuals’ lack of control in the digital environment due to unfair data collection practices by the digital gatekeepers but does not factor in the new challenges posed by artificial intelligence systems which increase the risks of surveillance and identity theft that also limit the benefits of user control achieved by EDIW.
More information:
By 2026, all EU citizens should be able to use a European Digital Identity Wallet (EUDI) provided by their government. In Finland, the DVV is, for instance, in charge of providing the EUDI. The wallet enables individuals to use a freely provided strong identification tool to access private and public services as well as share verified documents like school certificates.
The EUDI is often justified through the discourse of user empowerment discourse, where privacy is equated with having granular control over one’s personal information. In this book chapter, post-structural discourse, What is the Problem Represented, is used to examine the EU’s political documents to understand better what the problem the notion of user control is actually trying to address.
The analysis revealed that while the EU is trying to solve with the EUDI the power asymmetries in the digital environments, where the large technology firms can unilaterally impose terms of services and control what, when, how personal information is gathered, the policy documents overlook the individuals’ ability to truly make educated decisions about one’s data. This issue becomes even more pressing in the light of artificial intelligence (AI) harms, like phrenology or physiognomy that refer to AI’s ability to infer sensitive personal attributes from only a few data points. This is particularly relevant, when personal information is collected from multiple sources and used across different databases.