Privacy supervisor: digital driver’s license should not be linked to a wallet
The European privacy regulator wants the digital driver’s license that the European Commission is working on not to be required to be linked to the European identity document. That is not the intention for the time being, but the EDPS is already warning against it.
The European Data Protection Supervisor writes this in a press release. The EDPS is the supervisor of European projects that process citizens’ data. The EDPS’ wish regarding the digital driving license has no legal status, but is nevertheless an important indication of what the supervisory authority thinks about it. The supervisor’s thinking responds to plans by the European Commission to develop a digital driving license. This must become a framework whereby European citizens can obtain their driving license not only physically, but also as digital proof that can be shown, for example, via mobile phones and that must be valid in all EU member states. The EC has drawn up a guideline for this and is still working on the technical specifications. These revolve, for example, around security and interoperability.
The European privacy regulator has now given its first opinion on that plan. The most striking thing about this opinion is that, according to the EDPS, there should be no mandatory link with the European digital identity wallet. This is also a plan of the Commission, which wants all identity documents of Europeans to be stored digitally in the future. The EDPS says that ‘the use of the EU Digital ID Wallet for mobile driving licenses should be optional, not mandatory’. There was no question yet that the driver’s license would be linked to the wallet, but that was obvious.
The EDPS proposes even more measures regarding driving licenses. The regulator believes that member states should only exchange driving license data to investigate traffic violations and not for other matters. There should also be a maximum retention period for data.
Although these are only recommendations and not official policies, the EDPS’ statements can be important in the debate. It is now clear to policymakers which standards the supervisor would like to apply. When ultimately determining these standards, it is unwise for policymakers to deviate from them, because there is a good chance that the EDPS will ultimately make a negative assessment of them. Just like national supervisors, the European privacy regulator also has the right to impose fines or require policy changes if it appears that the GDPR is being violated.