research article review journal article

Privacy evaluation of the European Digital Identity Wallet's Architecture and Reference Framework

Abstract

Peer reviewed

Digital identity wallets promise significant advancements in digital identity management by offering users a high degree of convenience, security, and control over their data disclosure. However, there is also criticism regarding their privacy guarantees, especially when used in regulated use cases that require high levels of assurance on the correctness and binding of a legal identity. In this paper, we present a comprehensive privacy model and analysis of one of the most prominent digital wallets – the European Digital Identity Wallet (EUDIW) – as specified by the Architecture and Reference Framework (ARF) and the eIDAS 2.0 regulation. We employ a suite of qualitative privacy risk assessment methods to systematically map and evaluate information flows in three key use cases. Our analysis identifies multiple privacy risks – including linkability, identifiability, and excessive attribute data disclosure – and reveals that although the ARF is designed to comply with privacy-by-design principles, inherent design choices, such as the reliance on SD-JWT and mDOC data formats, as well as the concept of a Wallet Unit Attestation (WUA), retain risks to user privacy. Building on our findings, we then highlight how advanced Privacy-Enhancing Technologies (PETs), such as (general-purpose) Zero-Knowledge Proofs (ZKPs), can reduce or mitigate some of these risks.

Open Repository and Bibliography - Luxembourg

Last time updated on 06/01/2026
